GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,051
Erlang
29
GitHub Actions
19
Go
1,887
Maven
5,000+
npm
3,602
NuGet
638
pip
3,205
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+
333 advisories
Filter by severity
HTML injection in JupyterLite leading to DOM Clobbering
High
GHSA-gj55-2xf9-67rq
was published
for
jupyterlite-core
(pip)
Sep 6, 2024
Indico has a Cross-Site-Scripting during account creation
Moderate
CVE-2024-45399
was published
for
indico
(pip)
Sep 4, 2024
HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering
High
CVE-2024-43805
was published
for
jupyterlab
(pip)
Aug 29, 2024
FastAPI Admin Cross-site Scripting vulnerability in the Config-Create function
Moderate
CVE-2024-42818
was published
for
fastapi-admin
(pip)
Aug 26, 2024
FastAPI Admin cross-site scripting (XSS) vulnerability in the Create Product function
Moderate
CVE-2024-42816
was published
for
fastapi-admin
(pip)
Aug 26, 2024
pretix Stored Cross-site Scripting vulnerability
High
CVE-2024-8113
was published
for
pretix
(pip)
Aug 23, 2024
Apache Airflow Cross-site Scripting Vulnerability
Moderate
CVE-2024-41937
was published
for
apache-airflow
(pip)
Aug 21, 2024
CKAN has Cross-site Scripting vector in the Datatables view plugin
Moderate
CVE-2024-41675
was published
for
ckan
(pip)
Aug 21, 2024
Khoj Vulnerable to Stored Cross-site Scripting In Automate (Preview feature)
Moderate
CVE-2024-43396
was published
for
khoj
(pip)
Aug 20, 2024
Open WebUI Stored Cross-Site Scripting Vulnerability
Moderate
CVE-2024-6706
was published
for
open-webui
(pip)
Aug 8, 2024
Aim Stored Cross-site Scripting Vulnerability
Moderate
CVE-2024-6578
was published
for
aim
(pip)
Jul 29, 2024
Twisted vulnerable to HTML injection in HTTP redirect body
Moderate
CVE-2024-41810
was published
for
twisted
(pip)
Jul 29, 2024
Sentry vulnerable to stored Cross-Site Scripting (XSS)
High
CVE-2024-41656
was published
for
sentry
(pip)
Jul 23, 2024
Calibre-Web Cross Site Scripting (XSS)
Moderate
CVE-2024-39123
was published
for
calibreweb
(pip)
Jul 19, 2024
Roundup Cross-site Scripting Vulnerability
Moderate
CVE-2024-39124
was published
for
roundup
(pip)
Jul 17, 2024
Roundup Cross-site Scripting Vulnerability
Moderate
CVE-2024-39125
was published
for
roundup
(pip)
Jul 17, 2024
Roundup Cross-site Scripting Vulnerability
Moderate
CVE-2024-39126
was published
for
roundup
(pip)
Jul 17, 2024
Apache Airflow Potential Cross-site Scripting Vulnerability
Moderate
CVE-2024-39863
was published
for
apache-airflow
(pip)
Jul 17, 2024
Reflected Cross-Site Scripting (XSS) in zenml
Moderate
CVE-2024-5062
was published
for
zenml
(pip)
Jun 30, 2024
Cross-site Scripting in djangorestframework
Moderate
CVE-2024-21520
was published
for
djangorestframework
(pip)
Jun 26, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
Moderate
CVE-2024-38356
was published
for
TinyMCE
(Composer)
Jun 19, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements
Moderate
CVE-2024-38357
was published
for
TinyMCE
(Composer)
Jun 19, 2024
Invenio-Communities has a Cross-Site Scripting (XSS) vulnerability in React components
Moderate
GHSA-hjx6-f647-mvf9
was published
for
invenio-communities
(pip)
Jun 12, 2024
Jupyter Server Proxy has a reflected XSS issue in host parameter
Critical
CVE-2024-35225
was published
for
jupyter-server-proxy
(pip)
Jun 11, 2024
ProTip!
Advisories are also available from the
GraphQL API