GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
280 advisories
Filter by severity
Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting
Critical
CVE-2024-47186
was published
for
filament/infolists
(Composer)
Sep 27, 2024
A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM 1.3.0 allows remote...
Critical
Unreviewed
CVE-2024-46367
was published
Sep 27, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Critical
Unreviewed
CVE-2024-4657
was published
Sep 25, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Critical
Unreviewed
CVE-2024-7785
was published
Sep 19, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Critical
Unreviewed
CVE-2024-6877
was published
Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Critical
Unreviewed
CVE-2024-5959
was published
Sep 18, 2024
A remote code execution (RCE) vulnerability via crafted extension description/changelog could be...
Critical
Unreviewed
CVE-2024-8695
was published
Sep 12, 2024
A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows...
Critical
Unreviewed
CVE-2024-45265
was published
Aug 26, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Critical
Unreviewed
CVE-2023-6452
was published
Aug 22, 2024
XWiki Platform allows XSS through XClass name in string properties
Critical
CVE-2024-43400
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Aug 19, 2024
Azure Stack Hub Spoofing Vulnerability
Critical
Unreviewed
CVE-2024-38108
was published
Aug 13, 2024
AMTT Hotel Broadband Operation System (HiBOS) V3.0.3.151204 and before is vulnerable to SQL...
Critical
Unreviewed
CVE-2024-41476
was published
Aug 12, 2024
An Unrestricted file upload vulnerability was found in "/Membership/edit_member.php" of Kashipara...
Critical
Unreviewed
CVE-2024-40482
was published
Aug 12, 2024
Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to...
Critical
Unreviewed
CVE-2024-28740
was published
Aug 6, 2024
An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a...
Critical
Unreviewed
CVE-2024-28739
was published
Aug 6, 2024
Long pressing on a download link could potentially allow Javascript commands to be executed...
Critical
Unreviewed
CVE-2024-43111
was published
Aug 6, 2024
Gitea Cross-site Scripting Vulnerability
Critical
CVE-2024-6886
was published
for
code.gitea.io/gitea
(Go)
Aug 6, 2024
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a...
Critical
Unreviewed
CVE-2024-42009
was published
Aug 5, 2024
A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7...
Critical
Unreviewed
CVE-2024-42008
was published
Aug 5, 2024
NextChat has full-read SSRF and XSS vulnerability in /api/cors endpoint
Critical
CVE-2023-49785
was published
for
nextchat
(npm)
Aug 5, 2024
XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution
Critical
CVE-2024-41947
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Jul 31, 2024
A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version...
Critical
Unreviewed
CVE-2024-6035
was published
Jul 11, 2024
Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to...
Critical
Unreviewed
CVE-2024-40618
was published
Jul 11, 2024
goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross Site Scripting (XSS) via...
Critical
Unreviewed
CVE-2024-23998
was published
Jul 5, 2024
Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting (XSS) via src/electron-main.ts.
Critical
Unreviewed
CVE-2024-23997
was published
Jul 5, 2024
ProTip!
Advisories are also available from the
GraphQL API