Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+

302 advisories

Loading
The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in... Critical Unreviewed
CVE-2024-12626 was published Dec 19, 2024
TenderDocTransfer from Chunghwa Telecom has a Reflected Cross-site scripting vulnerability. The... Critical Unreviewed
CVE-2024-12641 was published Dec 16, 2024
Improper input handling in the 'Host Header' allows an unauthenticated attacker to store a... Critical Unreviewed
CVE-2024-11986 was published Dec 13, 2024
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting ... Critical Unreviewed
CVE-2024-54032 was published Dec 10, 2024
whapa v1.59 is vulnerable to Command Injection via a crafted filename to the HTML reports component. Critical Unreviewed
CVE-2024-53442 was published Dec 5, 2024
Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to... Critical Unreviewed
CVE-2024-6516 was published Dec 5, 2024
Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot... Critical Unreviewed
CVE-2024-49038 was published Nov 26, 2024
An arbitrary file upload vulnerability in the component /main/fileupload.php of AVSCMS v8.2.0... Critical Unreviewed
CVE-2024-51053 was published Nov 18, 2024
A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service... Critical Unreviewed
CVE-2023-43091 was published Nov 17, 2024
XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in... Critical Unreviewed
CVE-2024-10217 was published Nov 12, 2024
The Registrations for the Events Calendar WordPress plugin before 2.12.4 does not sanitise and... Critical Unreviewed
CVE-2024-7982 was published Nov 8, 2024
happy-dom allows for server side code to be executed by a <script> tag Critical
CVE-2024-51757 was published for happy-dom (npm) Nov 6, 2024
kevin-mizu
Osmedeus Web Server Vulnerable to Stored XSS, Leading to RCE Critical
CVE-2024-51735 was published for github.com/j3ssie/osmedeus (Go) Nov 5, 2024
n00b-bot
A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute... Critical Unreviewed
CVE-2024-46538 was published Oct 22, 2024
The affected product is vulnerable to a cross-site scripting attack which may allow an attacker... Critical Unreviewed
CVE-2024-49397 was published Oct 17, 2024
Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 ... Critical Unreviewed
CVE-2024-23786 was published Oct 17, 2024
Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting Critical
CVE-2024-47186 was published for filament/infolists (Composer) Sep 27, 2024
sv-LayZ danharrin
A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM 1.3.0 allows remote... Critical Unreviewed
CVE-2024-46367 was published Sep 27, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Critical Unreviewed
CVE-2024-4657 was published Sep 25, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Critical Unreviewed
CVE-2024-7785 was published Sep 19, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Critical Unreviewed
CVE-2024-5959 was published Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Critical Unreviewed
CVE-2024-6877 was published Sep 18, 2024
A remote code execution (RCE) vulnerability via crafted extension description/changelog could be... Critical Unreviewed
CVE-2024-8695 was published Sep 12, 2024
A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows... Critical Unreviewed
CVE-2024-45265 was published Aug 26, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Critical Unreviewed
CVE-2023-6452 was published Aug 22, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database