GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories: All reviewed 5,000+; Composer 4,051; Erlang 29; GitHub Actions 19; Go 1,887; Maven 5,000+; npm 3,602; NuGet 638; pip 3,205; Pub 10; RubyGems 852; Rust 816; Swift 35
Unreviewed advisories: All unreviewed 5,000+
1,187 advisories
The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
High, Unreviewed. CVE-2024-1596 was published Sep 7, 2024

HTML injection in JupyterLite leading to DOM Clobbering
High. GHSA-gj55-2xf9-67rq was published for jupyterlite-core (pip) Sep 6, 2024

A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If...
High, Unreviewed. CVE-2024-38640 was published Sep 6, 2024

A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating...
High, Unreviewed. CVE-2024-21897 was published Sep 6, 2024

A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited...
High, Unreviewed. CVE-2024-32762 was published Sep 6, 2024

Sourcecodehero Event Management System 1.0 allows Stored Cross-Site Scripting via parameters Full...
High, Unreviewed. CVE-2024-44728 was published Sep 5, 2024

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High, Unreviewed. CVE-2024-2166 was published Sep 5, 2024

An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation...
High, Unreviewed. CVE-2024-7654 was published Sep 3, 2024

A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer Release on...
High, Unreviewed. CVE-2024-7939 was published Sep 2, 2024

A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer from Release...
High, Unreviewed. CVE-2024-7938 was published Sep 2, 2024

A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer Release on...
High, Unreviewed. CVE-2024-7932 was published Sep 2, 2024

A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry...
High, Unreviewed. CVE-2024-8004 was published Sep 2, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High, Unreviewed. CVE-2024-43921 was published Aug 29, 2024

A reflected cross-site scripting (XSS) vulnerability in the tag parameter in the index page of...
High, Unreviewed. CVE-2024-44777 was published Aug 29, 2024

A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of...
High, Unreviewed. CVE-2024-44778 was published Aug 29, 2024

A reflected cross-site scripting (XSS) vulnerability in the viewname parameter in the index page...
High, Unreviewed. CVE-2024-44779 was published Aug 29, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High, Unreviewed. CVE-2024-43963 was published Aug 29, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High, Unreviewed. CVE-2024-43950 was published Aug 29, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High, Unreviewed. CVE-2024-43926 was published Aug 29, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High, Unreviewed. CVE-2024-43958 was published Aug 29, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High, Unreviewed. CVE-2024-43948 was published Aug 29, 2024

HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering
High. CVE-2024-43805 was published for jupyterlab (pip) Aug 29, 2024

Improper Neutralization of Input During Web Page Generation vulnerability in "Update of Personal...
High, Unreviewed. CVE-2024-7269 was published Aug 28, 2024

The IPC-Diagnostics package in TwinCAT/BSD is susceptible to improper input neutralization by a...
High, Unreviewed. CVE-2024-41174 was published Aug 27, 2024

A Cross-Site Request Forgery (CSRF) vulnerability was found in Kashipara Music Management System...
High, Unreviewed. CVE-2024-42791 was published Aug 26, 2024
ProTip! Advisories are also available from the GraphQL API