GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,680 advisories

Marp Core allows XSS by improper neutralization of HTML sanitization Moderate
GHSA-x52f-h5g4-8qv5 was published for @marp-team/marp-core (npm) Dec 26, 2024
Ry0taK
Cross-site Scripting vulnerability in SimpleXLSXEx::readThemeColors, SimpleXLSXEx::getColorValue and SimpleXLSX::toHTMLEx Moderate
CVE-2024-56364 was published for shuchkin/simplexlsx (Composer) Dec 23, 2024
shuchkin
Cross Site Scripting (XSS) vulnerability while uploading content to a new deployment Moderate
GHSA-64gp-r758-8pfm was published for org.jboss.hal:hal-console (Maven) Dec 23, 2024
Piranha CMS Cross-site Scripting vulnerability Moderate
CVE-2024-55341 was published for Piranha (NuGet) Dec 20, 2024
Piranha CMS Cross-site Scripting vulnerability Moderate
CVE-2024-55342 was published for Piranha (NuGet) Dec 20, 2024
baserCMS Cross-site Scripting vulnerability in Site search Feature Moderate
CVE-2023-44379 was published for baserproject/basercms (Composer) Feb 22, 2024
Liferay Portal and Liferay DXP have Cross-site Scripting vulnerability in edit Service Access Policy page Moderate
CVE-2023-37940 was published for com.liferay.portal:release.dxp.bom (Maven) Dec 18, 2024
Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting Moderate
CVE-2024-11993 was published for com.liferay.portal:release.dxp.bom (Maven) Dec 17, 2024
Firefly III allows webhooks HTML Injection. Moderate
CVE-2024-22075 was published for grumpydictator/firefly-iii (Composer) Jan 5, 2024
Concrete CMS Stored XSS in Layout Preset Name Moderate
CVE-2023-48650 was published for concrete5/concrete5 (Composer) Feb 29, 2024
Vitess allows HTML injection in /debug/querylogz & /debug/env Moderate
CVE-2024-53257 was published for vitess.io/vitess (Go) Dec 3, 2024
quinox
D-Tale allows Remote Code Execution through the Custom Filter Input Moderate
CVE-2024-55890 was published for dtale (pip) Dec 13, 2024
TaiPhung217
Cross-site Scripting vulnerability in SimpleXLSXEx::readXfs and SimpleXLSX::toHTMLEx Moderate
CVE-2024-55878 was published for shuchkin/simplexlsx (Composer) Dec 12, 2024
shuchkin
Apache Answer Cross-site Scripting vulnerability Moderate
CVE-2024-23349 was published for github.com/apache/incubator-answer (Go) Feb 22, 2024
LibreNMS stored cross-site scripting (XSS) vulnerability in the Device Settings section Moderate
CVE-2024-53457 was published for librenms/librenms (Composer) Dec 6, 2024
YiiCMS Cross Site Scripting vulnerability Moderate
CVE-2020-21246 was published for sheng/yiicms (Composer) Jun 20, 2023
Drupal Core Cross-Site Scripting (XSS) Moderate
CVE-2024-12393 was published for drupal/core (Composer) Dec 10, 2024
Hugo does not escape some attributes in internal templates Moderate
CVE-2024-55601 was published for github.com/gohugoio/hugo (Go) Dec 9, 2024
jmooring
Trix editor subject to XSS vulnerabilities on copy & paste Moderate
CVE-2024-53847 was published for trix (npm) Dec 9, 2024
MediaWiki UnlinkedWikibase Cross-site Scripting vulnerability Moderate
CVE-2024-34500 was published for samwilson/unlinked-wikibase (Composer) May 5, 2024
Apache Archiva Reflected Cross-site Scripting vulnerability Moderate
CVE-2024-27140 was published for org.apache.archiva:archiva-common (Maven) Mar 1, 2024
oscerd
pyspider Cross-site Scripting vulnerability Moderate
CVE-2024-39162 was published for pyspider (pip) Nov 29, 2024
Ibexa Admin UI vulnerable to Cross-site Scripting in a field that is used in the Content name pattern Moderate
CVE-2024-53864 was published for ibexa/admin-ui (Composer) Dec 2, 2024
vue-i18n has cross-site scripting vulnerability with prototype pollution Moderate
CVE-2024-52809 was published for @intlify/core (npm) Dec 2, 2024
BobbieGoede