Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,051
Erlang
29
GitHub Actions
19
Go
1,887
Maven
5,000+
npm
3,602
NuGet
638
pip
3,205
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

274 advisories

Loading
A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows... Critical Unreviewed
CVE-2024-45265 was published Aug 26, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Critical Unreviewed
CVE-2023-6452 was published Aug 22, 2024
XWiki Platform allows XSS through XClass name in string properties Critical
CVE-2024-43400 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Aug 19, 2024
Azure Stack Hub Spoofing Vulnerability Critical Unreviewed
CVE-2024-38108 was published Aug 13, 2024
An Unrestricted file upload vulnerability was found in "/Membership/edit_member.php" of Kashipara... Critical Unreviewed
CVE-2024-40482 was published Aug 12, 2024
AMTT Hotel Broadband Operation System (HiBOS) V3.0.3.151204 and before is vulnerable to SQL... Critical Unreviewed
CVE-2024-41476 was published Aug 12, 2024
Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to... Critical Unreviewed
CVE-2024-28740 was published Aug 6, 2024
An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a... Critical Unreviewed
CVE-2024-28739 was published Aug 6, 2024
Long pressing on a download link could potentially allow Javascript commands to be executed... Critical Unreviewed
CVE-2024-43111 was published Aug 6, 2024
Gitea Cross-site Scripting Vulnerability Critical
CVE-2024-6886 was published for code.gitea.io/gitea (Go) Aug 6, 2024
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a... Critical Unreviewed
CVE-2024-42009 was published Aug 5, 2024
A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7... Critical Unreviewed
CVE-2024-42008 was published Aug 5, 2024
NextChat has full-read SSRF and XSS vulnerability in /api/cors endpoint Critical
CVE-2023-49785 was published for nextchat (npm) Aug 5, 2024
nvn1729
XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution Critical
CVE-2024-41947 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Jul 31, 2024
A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version... Critical Unreviewed
CVE-2024-6035 was published Jul 11, 2024
Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to... Critical Unreviewed
CVE-2024-40618 was published Jul 11, 2024
Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting (XSS) via src/electron-main.ts. Critical Unreviewed
CVE-2024-23997 was published Jul 5, 2024
goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross Site Scripting (XSS) via... Critical Unreviewed
CVE-2024-23998 was published Jul 5, 2024
Jupyter Server Proxy has a reflected XSS issue in host parameter Critical
CVE-2024-35225 was published for jupyter-server-proxy (pip) Jun 11, 2024
dlqqq
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated... Critical Unreviewed
CVE-2024-31401 was published Jun 11, 2024
Mautic is vulnerable to XSS vulnerability Critical
CVE-2020-35125 was published for mautic/core (Composer) May 15, 2024
nvn1729
PrestaShop cross-site scripting via customer contact form in FO, through file upload Critical
CVE-2024-34716 was published for prestashop/prestashop (Composer) May 14, 2024
matthieu-rolland aelmokhtar
An issue was discovered in linqi before 1.4.0.1 on Windows. There is LDAP injection. Critical Unreviewed
CVE-2024-33868 was published May 14, 2024
Blind XSS Leading to Froxlor Application Compromise Critical
CVE-2024-34070 was published for froxlor/froxlor (Composer) May 10, 2024
UmerAdeemCheema
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows... Critical Unreviewed
CVE-2024-32340 was published Apr 17, 2024
ProTip! Advisories are also available from the GraphQL API