GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
302 advisories
Filter by severity
Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote...
Critical
Unreviewed
CVE-2024-3847
was published
Apr 17, 2024
The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in...
Critical
Unreviewed
CVE-2024-12626
was published
Dec 19, 2024
TenderDocTransfer from Chunghwa Telecom has a Reflected Cross-site scripting vulnerability. The...
Critical
Unreviewed
CVE-2024-12641
was published
Dec 16, 2024
Improper input handling in the 'Host Header' allows an unauthenticated attacker to store a...
Critical
Unreviewed
CVE-2024-11986
was published
Dec 13, 2024
whapa v1.59 is vulnerable to Command Injection via a crafted filename to the HTML reports component.
Critical
Unreviewed
CVE-2024-53442
was published
Dec 5, 2024
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting ...
Critical
Unreviewed
CVE-2024-54032
was published
Dec 10, 2024
Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to...
Critical
Unreviewed
CVE-2024-6516
was published
Dec 5, 2024
Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot...
Critical
Unreviewed
CVE-2024-49038
was published
Nov 26, 2024
An arbitrary file upload vulnerability in the component /main/fileupload.php of AVSCMS v8.2.0...
Critical
Unreviewed
CVE-2024-51053
was published
Nov 18, 2024
Django Allows Redirect via Data URL
Critical
CVE-2012-3442
was published
for
django
(pip)
May 17, 2022
A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service...
Critical
Unreviewed
CVE-2023-43091
was published
Nov 17, 2024
XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in...
Critical
Unreviewed
CVE-2024-10217
was published
Nov 12, 2024
VuFind Server-Side Request Forgery (SSRF) vulnerability
Critical
CVE-2024-25737
was published
for
vufind/vufind
(Composer)
May 22, 2024
The Registrations for the Events Calendar WordPress plugin before 2.12.4 does not sanitise and...
Critical
Unreviewed
CVE-2024-7982
was published
Nov 8, 2024
happy-dom allows for server side code to be executed by a <script> tag
Critical
CVE-2024-51757
was published
for
happy-dom
(npm)
Nov 6, 2024
Osmedeus Web Server Vulnerable to Stored XSS, Leading to RCE
Critical
CVE-2024-51735
was published
for
github.com/j3ssie/osmedeus
(Go)
Nov 5, 2024
SQL Injection vulnerability in School Task Manager v.1.0 allows a remote attacker to obtain...
Critical
Unreviewed
CVE-2024-26517
was published
May 14, 2024
Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a...
Critical
Unreviewed
CVE-2024-1676
was published
Feb 21, 2024
Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting
Critical
CVE-2024-47186
was published
for
filament/infolists
(Composer)
Sep 27, 2024
A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute...
Critical
Unreviewed
CVE-2024-46538
was published
Oct 22, 2024
The affected product is vulnerable to a cross-site scripting attack which may allow an attacker...
Critical
Unreviewed
CVE-2024-49397
was published
Oct 17, 2024
Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 ...
Critical
Unreviewed
CVE-2024-23786
was published
Oct 17, 2024
Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based JavaScript injection in the...
Critical
Unreviewed
CVE-2023-50808
was published
Feb 13, 2024
Inconsistent input sanitisation leads to XSS vectors
Critical
CVE-2021-41132
was published
for
omero-figure
(pip)
Oct 14, 2021
modoboa Cross-site Scripting vulnerability
Critical
CVE-2023-5688
was published
for
modoboa
(pip)
Oct 20, 2023
ProTip!
Advisories are also available from the
GraphQL API