Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+

302 advisories

Loading
Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote... Critical Unreviewed
CVE-2024-3847 was published Apr 17, 2024
The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in... Critical Unreviewed
CVE-2024-12626 was published Dec 19, 2024
TenderDocTransfer from Chunghwa Telecom has a Reflected Cross-site scripting vulnerability. The... Critical Unreviewed
CVE-2024-12641 was published Dec 16, 2024
Improper input handling in the 'Host Header' allows an unauthenticated attacker to store a... Critical Unreviewed
CVE-2024-11986 was published Dec 13, 2024
whapa v1.59 is vulnerable to Command Injection via a crafted filename to the HTML reports component. Critical Unreviewed
CVE-2024-53442 was published Dec 5, 2024
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting ... Critical Unreviewed
CVE-2024-54032 was published Dec 10, 2024
Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to... Critical Unreviewed
CVE-2024-6516 was published Dec 5, 2024
Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot... Critical Unreviewed
CVE-2024-49038 was published Nov 26, 2024
An arbitrary file upload vulnerability in the component /main/fileupload.php of AVSCMS v8.2.0... Critical Unreviewed
CVE-2024-51053 was published Nov 18, 2024
Django Allows Redirect via Data URL Critical
CVE-2012-3442 was published for django (pip) May 17, 2022
A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service... Critical Unreviewed
CVE-2023-43091 was published Nov 17, 2024
XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in... Critical Unreviewed
CVE-2024-10217 was published Nov 12, 2024
VuFind Server-Side Request Forgery (SSRF) vulnerability Critical
CVE-2024-25737 was published for vufind/vufind (Composer) May 22, 2024
The Registrations for the Events Calendar WordPress plugin before 2.12.4 does not sanitise and... Critical Unreviewed
CVE-2024-7982 was published Nov 8, 2024
happy-dom allows for server side code to be executed by a <script> tag Critical
CVE-2024-51757 was published for happy-dom (npm) Nov 6, 2024
kevin-mizu
Osmedeus Web Server Vulnerable to Stored XSS, Leading to RCE Critical
CVE-2024-51735 was published for github.com/j3ssie/osmedeus (Go) Nov 5, 2024
n00b-bot
SQL Injection vulnerability in School Task Manager v.1.0 allows a remote attacker to obtain... Critical Unreviewed
CVE-2024-26517 was published May 14, 2024
Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a... Critical Unreviewed
CVE-2024-1676 was published Feb 21, 2024
Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting Critical
CVE-2024-47186 was published for filament/infolists (Composer) Sep 27, 2024
sv-LayZ danharrin
A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute... Critical Unreviewed
CVE-2024-46538 was published Oct 22, 2024
The affected product is vulnerable to a cross-site scripting attack which may allow an attacker... Critical Unreviewed
CVE-2024-49397 was published Oct 17, 2024
Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 ... Critical Unreviewed
CVE-2024-23786 was published Oct 17, 2024
Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based JavaScript injection in the... Critical Unreviewed
CVE-2023-50808 was published Feb 13, 2024
Inconsistent input sanitisation leads to XSS vectors Critical
CVE-2021-41132 was published for omero-figure (pip) Oct 14, 2021
modoboa Cross-site Scripting vulnerability Critical
CVE-2023-5688 was published for modoboa (pip) Oct 20, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database