GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,097
Erlang: 29
GitHub Actions: 19
Go: 1,925
Maven: 5,000+
npm: 3,656
NuGet: 638
pip: 3,264
Pub: 10
RubyGems: 873
Rust: 823
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
170 advisories

A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM 1.3.0 allows remote...
Critical | Unreviewed | CVE-2024-46367 was published Sep 27, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Critical | Unreviewed | CVE-2024-4657 was published Sep 25, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Critical | Unreviewed | CVE-2024-7785 was published Sep 19, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Critical | Unreviewed | CVE-2024-6877 was published Sep 18, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Critical | Unreviewed | CVE-2024-5959 was published Sep 18, 2024

A remote code execution (RCE) vulnerability via crafted extension description/changelog could be...
Critical | Unreviewed | CVE-2024-8695 was published Sep 12, 2024

A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows...
Critical | Unreviewed | CVE-2024-45265 was published Aug 26, 2024

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Critical | Unreviewed | CVE-2023-6452 was published Aug 22, 2024

Azure Stack Hub Spoofing Vulnerability
Critical | Unreviewed | CVE-2024-38108 was published Aug 13, 2024

AMTT Hotel Broadband Operation System (HiBOS) V3.0.3.151204 and before is vulnerable to SQL...
Critical | Unreviewed | CVE-2024-41476 was published Aug 12, 2024

An Unrestricted file upload vulnerability was found in "/Membership/edit_member.php" of Kashipara...
Critical | Unreviewed | CVE-2024-40482 was published Aug 12, 2024

Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to...
Critical | Unreviewed | CVE-2024-28740 was published Aug 6, 2024

An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a...
Critical | Unreviewed | CVE-2024-28739 was published Aug 6, 2024

Long pressing on a download link could potentially allow Javascript commands to be executed...
Critical | Unreviewed | CVE-2024-43111 was published Aug 6, 2024

A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a...
Critical | Unreviewed | CVE-2024-42009 was published Aug 5, 2024

A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7...
Critical | Unreviewed | CVE-2024-42008 was published Aug 5, 2024

A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version...
Critical | Unreviewed | CVE-2024-6035 was published Jul 11, 2024

Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to...
Critical | Unreviewed | CVE-2024-40618 was published Jul 11, 2024

goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross Site Scripting (XSS) via...
Critical | Unreviewed | CVE-2024-23998 was published Jul 5, 2024

Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting (XSS) via src/electron-main.ts.
Critical | Unreviewed | CVE-2024-23997 was published Jul 5, 2024

Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated...
Critical | Unreviewed | CVE-2024-31401 was published Jun 11, 2024

An issue was discovered in linqi before 1.4.0.1 on Windows. There is LDAP injection.
Critical | Unreviewed | CVE-2024-33868 was published May 14, 2024

A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows...
Critical | Unreviewed | CVE-2024-32340 was published Apr 17, 2024

A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers...
Critical | Unreviewed | CVE-2024-31650 was published Apr 15, 2024

SiYuan version 3.0.3 allows executing arbitrary commands on the server. This is possible because...
Critical | Unreviewed | CVE-2024-2692 was published Apr 4, 2024

ProTip! Advisories are also available from the GraphQL API.