GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,600 advisories
Injection of arbitrary HTML/JavaScript code through the media download URL
Moderate. CVE-2024-47617 was published for sulu/sulu (Composer) on Oct 3, 2024.

Cross-site Scripting via uploaded SVG
Moderate. CVE-2024-47618 was published for sulu/sulu (Composer) on Oct 3, 2024.

Apache Zeppelin vulnerable to cross-site scripting in the helium module
Moderate. CVE-2024-31868 was published for org.apache.zeppelin:zeppelin-interpreter (Maven) on Apr 9, 2024.

Apache Ambari: Various Cross site scripting problems
Moderate. CVE-2023-50378 was published for org.apache.ambari:ambari (Maven) on Mar 1, 2024.

OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`)
Moderate. CVE-2024-43795 was published for @openc3/tool-common (RubyGems) on Oct 2, 2024.

LibreNMS has Stored Cross-site Scripting vulnerability in "Device Dependencies" feature
Moderate. CVE-2024-47527 was published for librenms/librenms (Composer) on Oct 1, 2024.

LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Transports" feature
Moderate. CVE-2024-47523 was published for librenms/librenms (Composer) on Oct 1, 2024.

LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Rules" feature
Moderate. CVE-2024-47525 was published for librenms/librenms (Composer) on Oct 1, 2024.

MoinMoin Cross-site Scripting (XSS) vulnerability
Moderate. CVE-2016-7148 was published for moin (pip) on May 17, 2022.

Pagekit Cross-site Scripting vulnerability
Moderate. CVE-2024-45967 was published for pagekit/pagekit (Composer) on Oct 1, 2024.

Flowise and Flowise Chat Embed vulnerable to Stored Cross-site Scripting
Moderate. CVE-2024-9148 was published for flowise (npm) on Sep 25, 2024.

MoinMoin Cross-site Scripting (XSS) vulnerability
Moderate. CVE-2009-1482 was published for moin (pip) on May 2, 2022.

HTML injection in email and account expiry notifications
Moderate. CVE-2021-21333 was published for matrix-synapse (pip) on Mar 26, 2021.

mayan-edms Cross-site Scripting vulnerability
Moderate. CVE-2018-16405 was published for mayan-edms (pip) on Sep 6, 2018.

Cross-site scripting (XSS) vulnerability in the password reset endpoint
Moderate. CVE-2021-21332 was published for matrix-synapse (pip) on Mar 26, 2021.

lxml vulnerable to Cross-site Scripting
Moderate. CVE-2020-27783 was published for lxml (pip) on Jan 7, 2021.

Improper Neutralization of Input During Web Page Generation in LXML
Moderate. CVE-2018-19787 was published for lxml (pip) on May 13, 2022.

Mako contains Cross-site Scripting vulnerability
Moderate. CVE-2010-2480 was published for mako (pip) on May 17, 2022.

starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field
Moderate. CVE-2024-47536 was published for starcitizentools/citizen-skin (Composer) on Sep 30, 2024.

lxml Cross-site Scripting Via Control Characters
Moderate. CVE-2014-3146 was published for lxml (pip) on May 14, 2022.

markdown2 is vulnerable to cross-site scripting
Moderate. CVE-2018-5773 was published for markdown2 (pip) on Jul 12, 2018.

Cross-site scripting in markdown2 for python
Moderate. CVE-2009-3724 was published for markdown2 (pip) on Apr 21, 2022.

lxml vulnerable to Cross-Site Scripting
Moderate. CVE-2021-28957 was published for lxml (pip) on Mar 22, 2021.

ProTip! Advisories are also available from the GraphQL API.