Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

154 advisories

Loading
Possible Content Security Policy bypass in Action Dispatch Low
CVE-2024-54133 was published for actionpack (RubyGems) Dec 10, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations Low
CVE-2024-53989 was published for rails-html-sanitizer (RubyGems) Dec 2, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations Low
CVE-2024-53987 was published for rails-html-sanitizer (RubyGems) Dec 2, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations Low
CVE-2024-53988 was published for rails-html-sanitizer (RubyGems) Dec 2, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations Low
CVE-2024-53986 was published for rails-html-sanitizer (RubyGems) Dec 2, 2024
rails-html-sanitize has XSS vulnerability with certain configurations Low
CVE-2024-53985 was published for rails-html-sanitizer (RubyGems) Dec 2, 2024
deno_doc's HTML generator vulnerable to Cross-site Scripting Low
CVE-2024-32468 was published for deno_doc (Rust) Nov 25, 2024
NeKzor
@sveltejs/kit vulnerable to on dev mode 404 page Low
CVE-2024-53261 was published for @sveltejs/kit (npm) Nov 25, 2024
benmccann eltigerchino
@sveltejs/kit has unescaped error message included on error page Low
CVE-2024-53262 was published for @sveltejs/kit (npm) Nov 25, 2024
dominikg eltigerchino
benmccann
Moodle Cross-site Scripting vulnerability Low
CVE-2024-43437 was published for moodle/moodle (Composer) Nov 11, 2024
LocalAI Cross-site Scripting vulnerability Low
CVE-2024-48057 was published for github.com/mudler/LocalAI (Go) Nov 5, 2024
Umbraco CMS Cross-site Scripting vulnerability Low
CVE-2024-10761 was published for Umbraco.Cms.Core (NuGet) Nov 4, 2024
Funadmin Cross-site Scripting vulnerability Low
CVE-2024-48228 was published for funadmin/funadmin (Composer) Oct 26, 2024
Admidio Vulnerable to HTML Injection In The Messages Section Low
CVE-2024-47836 was published for admidio/admidio (Composer) Oct 16, 2024
Kakashi1234
Contao allows admin an account to upload SVG file containing malicious JavaScript Low
CVE-2024-45965 was published for contao/contao (Composer) Oct 2, 2024
October allows an admin account to upload PDF containing malicious JavaScript Low
CVE-2024-45962 was published for october/october (Composer) Oct 2, 2024
Zenario allows authenticated admin users to upload PDF files containing malicious code Low
CVE-2024-45960 was published for tribalsystems/zenario (Composer) Oct 2, 2024
Zenario Cross Site Scripting in the Image library Low
CVE-2024-45964 was published for tribalsystems/zenario (Composer) Oct 2, 2024
LibreNMS vulnerable to Stored Cross-site Scripting via File Upload Low
CVE-2024-47528 was published for librenms/librenms (Composer) Oct 1, 2024
minhnq1618
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Templates" feature Low
CVE-2024-47526 was published for librenms/librenms (Composer) Oct 1, 2024
RaphaelCSS RaphaelCSSilva
ReLaXed Cross-site Scripting vulnerability Low
CVE-2024-9283 was published for relaxedjs (npm) Sep 27, 2024
m3t3kh4n
Cross site scripting in Concrete CMS Low
CVE-2024-8291 was published for concrete5/concrete5 (Composer) Sep 25, 2024
Cross site scripting in Concrete CMS Low
CVE-2024-7398 was published for concrete5/concrete5 (Composer) Sep 25, 2024
send vulnerable to template injection that can lead to XSS Low
CVE-2024-43799 was published for send (npm) Sep 10, 2024
AdamKorcz UlisesGascon
ctcpip wesleytodd
serve-static vulnerable to template injection that can lead to XSS Low
CVE-2024-43800 was published for serve-static (npm) Sep 10, 2024
AdamKorcz UlisesGascon
ctcpip wesleytodd
ProTip! Advisories are also available from the GraphQL API