Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,051
Erlang
29
GitHub Actions
19
Go
1,887
Maven
5,000+
npm
3,602
NuGet
638
pip
3,205
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,187 advisories

Loading
The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Stored Cross-Site Scripting... High Unreviewed
CVE-2024-1596 was published Sep 7, 2024
HTML injection in JupyterLite leading to DOM Clobbering High
GHSA-gj55-2xf9-67rq was published for jupyterlite-core (pip) Sep 6, 2024
ishmeals jackfromeast
A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If... High Unreviewed
CVE-2024-38640 was published Sep 6, 2024
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating... High Unreviewed
CVE-2024-21897 was published Sep 6, 2024
A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited... High Unreviewed
CVE-2024-32762 was published Sep 6, 2024
Sourcecodehero Event Management System 1.0 allows Stored Cross-Site Scripting via parameters Full... High Unreviewed
CVE-2024-44728 was published Sep 5, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... High Unreviewed
CVE-2024-2166 was published Sep 5, 2024
An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation... High Unreviewed
CVE-2024-7654 was published Sep 3, 2024
A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer Release on... High Unreviewed
CVE-2024-7939 was published Sep 2, 2024
A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release... High Unreviewed
CVE-2024-7938 was published Sep 2, 2024
A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer Release on... High Unreviewed
CVE-2024-7932 was published Sep 2, 2024
A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry... High Unreviewed
CVE-2024-8004 was published Sep 2, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-43921 was published Aug 29, 2024
A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of... High Unreviewed
CVE-2024-44777 was published Aug 29, 2024
A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of... High Unreviewed
CVE-2024-44778 was published Aug 29, 2024
A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page... High Unreviewed
CVE-2024-44779 was published Aug 29, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-43963 was published Aug 29, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-43950 was published Aug 29, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-43926 was published Aug 29, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-43958 was published Aug 29, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-43948 was published Aug 29, 2024
HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering High
CVE-2024-43805 was published for jupyterlab (pip) Aug 29, 2024
jackfromeast ishmeals
RRosio krassowski
Improper Neutralization of Input During Web Page Generation vulnerability in "Update of Personal... High Unreviewed
CVE-2024-7269 was published Aug 28, 2024
The IPC-Diagnostics package in TwinCAT/BSD is susceptible to improper input neutralization by a... High Unreviewed
CVE-2024-41174 was published Aug 27, 2024
A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System... High Unreviewed
CVE-2024-42791 was published Aug 26, 2024
ProTip! Advisories are also available from the GraphQL API