GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
337 advisories
Filter by severity
Prevent XSS from Confidant API call
Moderate
CVE-2024-45793
was published
for
confidant
(pip)
Sep 20, 2024
Aim Stored XSS through TEXT EXPLORER
Moderate
CVE-2024-8863
was published
for
aim
(pip)
Sep 16, 2024
MindsDB Cross-site Scripting vulnerability
Moderate
CVE-2024-45856
was published
for
mindsdb
(pip)
Sep 12, 2024
D-Tale vulnerable to Remote Code Execution through the Query input on Chart Builder
Moderate
CVE-2024-45595
was published
for
dtale
(pip)
Sep 10, 2024
HTML injection in JupyterLite leading to DOM Clobbering
High
GHSA-gj55-2xf9-67rq
was published
for
jupyterlite-core
(pip)
Sep 6, 2024
Indico has a Cross-Site-Scripting during account creation
Moderate
CVE-2024-45399
was published
for
indico
(pip)
Sep 4, 2024
HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering
High
CVE-2024-43805
was published
for
jupyterlab
(pip)
Aug 29, 2024
FastAPI Admin Cross-site Scripting vulnerability in the Config-Create function
Moderate
CVE-2024-42818
was published
for
fastapi-admin
(pip)
Aug 26, 2024
FastAPI Admin cross-site scripting (XSS) vulnerability in the Create Product function
Moderate
CVE-2024-42816
was published
for
fastapi-admin
(pip)
Aug 26, 2024
pretix Stored Cross-site Scripting vulnerability
High
CVE-2024-8113
was published
for
pretix
(pip)
Aug 23, 2024
Apache Airflow Cross-site Scripting Vulnerability
Moderate
CVE-2024-41937
was published
for
apache-airflow
(pip)
Aug 21, 2024
CKAN has Cross-site Scripting vector in the Datatables view plugin
Moderate
CVE-2024-41675
was published
for
ckan
(pip)
Aug 21, 2024
Khoj Vulnerable to Stored Cross-site Scripting In Automate (Preview feature)
Moderate
CVE-2024-43396
was published
for
khoj
(pip)
Aug 20, 2024
Open WebUI Stored Cross-Site Scripting Vulnerability
Moderate
CVE-2024-6706
was published
for
open-webui
(pip)
Aug 8, 2024
Aim Stored Cross-site Scripting Vulnerability
Moderate
CVE-2024-6578
was published
for
aim
(pip)
Jul 29, 2024
Twisted vulnerable to HTML injection in HTTP redirect body
Moderate
CVE-2024-41810
was published
for
twisted
(pip)
Jul 29, 2024
Sentry vulnerable to stored Cross-Site Scripting (XSS)
High
CVE-2024-41656
was published
for
sentry
(pip)
Jul 23, 2024
Calibre-Web Cross Site Scripting (XSS)
Moderate
CVE-2024-39123
was published
for
calibreweb
(pip)
Jul 19, 2024
Roundup Cross-site Scripting Vulnerability
Moderate
CVE-2024-39126
was published
for
roundup
(pip)
Jul 17, 2024
Roundup Cross-site Scripting Vulnerability
Moderate
CVE-2024-39124
was published
for
roundup
(pip)
Jul 17, 2024
Roundup Cross-site Scripting Vulnerability
Moderate
CVE-2024-39125
was published
for
roundup
(pip)
Jul 17, 2024
Apache Airflow Potential Cross-site Scripting Vulnerability
Moderate
CVE-2024-39863
was published
for
apache-airflow
(pip)
Jul 17, 2024
Reflected Cross-Site Scripting (XSS) in zenml
Moderate
CVE-2024-5062
was published
for
zenml
(pip)
Jun 30, 2024
Cross-site Scripting in djangorestframework
Moderate
CVE-2024-21520
was published
for
djangorestframework
(pip)
Jun 26, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
Moderate
CVE-2024-38356
was published
for
TinyMCE
(Composer)
Jun 19, 2024
ProTip!
Advisories are also available from the
GraphQL API