Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

394 advisories

Loading
OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`) Moderate
CVE-2024-43795 was published for @openc3/tool-common (RubyGems) Oct 2, 2024
p-
Layui has DOM Clobbering gadgets that leads to Cross-site Scripting Moderate
CVE-2024-47075 was published for layui (npm) Sep 26, 2024
jackfromeast ishmeals
Cross-site scripting (XSS) in the clipboard package Moderate
CVE-2024-45613 was published for @ckeditor/ckeditor5-clipboard (npm) Sep 25, 2024
Flowise and Flowise Chat Embed vulnerable to Stored Cross-site Scripting Moderate
CVE-2024-9148 was published for flowise (npm) Sep 25, 2024
DOM Clobbering Gadget found in Rspack's AutoPublicPathRuntimeModule that leads to XSS Moderate
GHSA-84jw-g43v-8gjm was published for @rspack/core (npm) Sep 19, 2024
jackfromeast ishmeals
@backstage/plugin-techdocs-backend vulnerable to circumvention of cross site scripting protection Moderate
CVE-2024-46976 was published for @backstage/plugin-techdocs-backend (npm) Sep 17, 2024
Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS Moderate
CVE-2024-45812 was published for vite (npm) Sep 17, 2024
jackfromeast ishmeals
send vulnerable to template injection that can lead to XSS Moderate
CVE-2024-43799 was published for send (npm) Sep 10, 2024
AdamKorcz UlisesGascon
ctcpip wesleytodd
serve-static vulnerable to template injection that can lead to XSS Moderate
CVE-2024-43800 was published for serve-static (npm) Sep 10, 2024
AdamKorcz UlisesGascon
ctcpip wesleytodd
express vulnerable to XSS via response.redirect() Moderate
CVE-2024-43796 was published for express (npm) Sep 10, 2024
AdamKorcz UlisesGascon
ctcpip wesleytodd
DOM clobbering could escalate to Cross-site Scripting (XSS) Moderate
CVE-2024-45389 was published for @pagefind/default-ui (npm) Sep 3, 2024
ishmeals jackfromeast
Svelte has a potential mXSS vulnerability due to improper HTML escaping Moderate
CVE-2024-45047 was published for svelte (npm) Aug 30, 2024
arkark
Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS Moderate
CVE-2024-43788 was published for webpack (npm) Aug 27, 2024
jackfromeast ishmeals
mhassan1
Code Snippet GeSHi plugin has reflected cross-site scripting (XSS) vulnerability Moderate
CVE-2024-43407 was published for ckeditor4 (npm) Aug 21, 2024
Code injection in Directus Moderate
CVE-2024-6533 was published for directus (npm) Aug 15, 2024
Trix has a cross-site Scripting vulnerability on copy & paste Moderate
CVE-2024-43368 was published for trix (npm) Aug 14, 2024
Qwik has a potential mXSS vulnerability due to improper HTML escaping Moderate
CVE-2024-41677 was published for @builder.io/qwik (npm) Aug 6, 2024
arkark
Flowise Cross-site Scripting in api/v1/chatflows/id Moderate
CVE-2024-36422 was published for flowise (npm) Aug 5, 2024
Flowise Cross-site Scripting in /api/v1/chatflows-streaming/id Moderate
CVE-2024-37145 was published for flowise (npm) Aug 5, 2024
Flowise Cross-site Scripting in/api/v1/credentials/id Moderate
CVE-2024-37146 was published for flowise (npm) Aug 5, 2024
Flowise Cross-site Scripting in /api/v1/public-chatflows/id Moderate
CVE-2024-36423 was published for flowise (npm) Aug 5, 2024
Scrypted Cross-site Scripting vulnerability Moderate
CVE-2023-47623 was published for @scrypted/core (npm) Aug 5, 2024
Scrypted Cross-site Scripting vulnerability Moderate
CVE-2023-47620 was published for @scrypted/server (npm) Aug 5, 2024
Editor.js vulnerable to Code Injection Moderate
CVE-2022-23474 was published for @editorjs/editorjs (npm) Aug 5, 2024
nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSR Moderate
CVE-2024-34343 was published for nuxt (npm) Aug 5, 2024
OhB00
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database