GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,601 advisories
Concrete CMS Stored XSS in the "Next&Previous Nav" block
Moderate, CVE-2024-8661 was published for concrete5/concrete5 (Composer), Sep 16, 2024

Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin panel with QuillJS WYSWYG editor
Moderate, CVE-2024-39910 was published for decidim (RubyGems), Sep 16, 2024

Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin activity log
Moderate, CVE-2024-32034 was published for decidim-admin (RubyGems), Sep 16, 2024

Aim Stored XSS through TEXT EXPLORER
Moderate, CVE-2024-8863 was published for aim (pip), Sep 16, 2024

MindsDB Cross-site Scripting vulnerability
Moderate, CVE-2024-45856 was published for mindsdb (pip), Sep 12, 2024

D-Tale vulnerable to Remote Code Execution through the Query input on Chart Builder
Moderate, CVE-2024-45595 was published for dtale (pip), Sep 10, 2024

send vulnerable to template injection that can lead to XSS
Moderate, CVE-2024-43799 was published for send (npm), Sep 10, 2024

serve-static vulnerable to template injection that can lead to XSS
Moderate, CVE-2024-43800 was published for serve-static (npm), Sep 10, 2024

express vulnerable to XSS via response.redirect()
Moderate, CVE-2024-43796 was published for express (npm), Sep 10, 2024

Craft CMS vulnerable to stored XSS in breadcrumb list and title fields
Moderate, CVE-2024-45406 was published for craftcms/cms (Composer), Sep 9, 2024

Gouniverse GoLang CMS vulnerable to Cross-site Scripting
Moderate, CVE-2024-8572 was published for github.com/gouniverse/cms (Go), Sep 8, 2024

Indico has a Cross-Site-Scripting during account creation
Moderate, CVE-2024-45399 was published for indico (pip), Sep 4, 2024

DOM clobbering could escalate to Cross-site Scripting (XSS)
Moderate, CVE-2024-45389 was published for @pagefind/default-ui (npm), Sep 3, 2024

Svelte has a potential mXSS vulnerability due to improper HTML escaping
Moderate, CVE-2024-45047 was published for svelte (npm), Aug 30, 2024

Serilog Client IP Spoofing vulnerability
Moderate, CVE-2024-44930 was published for Serilog.Enrichers.ClientInfo (NuGet), Aug 29, 2024

PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via style information
Moderate, CVE-2024-45046 was published for phpoffice/phpspreadsheet (Composer), Aug 29, 2024

Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS
Moderate, CVE-2024-43788 was published for webpack (npm), Aug 27, 2024

FastAPI Admin cross-site scripting (XSS) vulnerability in the Create Product function
Moderate, CVE-2024-42816 was published for fastapi-admin (pip), Aug 26, 2024

FastAPI Admin Cross-site Scripting vulnerability in the Config-Create function
Moderate, CVE-2024-42818 was published for fastapi-admin (pip), Aug 26, 2024

Automad Cross-site Scripting vulnerability
Moderate, CVE-2024-40111 was published for automad/automad (Composer), Aug 23, 2024 • withdrawn

Casdoor has reflected XSS in QrCodePage.js (GHSL-2024-036)
Moderate, CVE-2024-41658 was published for github.com/casdoor/casdoor (Go), Aug 22, 2024

Apache Airflow Cross-site Scripting Vulnerability
Moderate, CVE-2024-41937 was published for apache-airflow (pip), Aug 21, 2024

Code Snippet GeSHi plugin has reflected cross-site scripting (XSS) vulnerability
Moderate, CVE-2024-43407 was published for ckeditor4 (npm), Aug 21, 2024

CKAN has Cross-site Scripting vector in the Datatables view plugin
Moderate, CVE-2024-41675 was published for ckan (pip), Aug 21, 2024

Khoj Vulnerable to Stored Cross-site Scripting In Automate (Preview feature)
Moderate, CVE-2024-43396 was published for khoj (pip), Aug 20, 2024

ProTip! Advisories are also available from the GraphQL API