Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,132
Erlang
29
GitHub Actions
19
Go
1,937
Maven
5,000+
npm
3,676
NuGet
642
pip
3,292
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

184 advisories

Loading
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone... Moderate Unreviewed
CVE-2024-20460 was published Oct 16, 2024
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IQ... Moderate Unreviewed
CVE-2024-47139 was published Oct 16, 2024
Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS Moderate
CVE-2024-47765 was published for dev-lancer/minecraft-motd-parser (Composer) Oct 4, 2024
Krymonota jgniecki
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that... Moderate Unreviewed
CVE-2024-38039 was published Oct 4, 2024
The Broken Link Checker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due... High Unreviewed
CVE-2024-8981 was published Oct 1, 2024
starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field Moderate
CVE-2024-47536 was published for starcitizentools/citizen-skin (Composer) Sep 30, 2024
BlankEclair
The Store Hours for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site... Moderate Unreviewed
CVE-2024-8872 was published Sep 26, 2024
The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2024-8680 was published Sep 21, 2024
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in TE... High Unreviewed
CVE-2024-2010 was published Sep 12, 2024
Craft CMS vulnerable to stored XSS in breadcrumb list and title fields Moderate
CVE-2024-45406 was published for craftcms/cms (Composer) Sep 9, 2024
amame04
XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2... Moderate Unreviewed
CVE-2024-38859 was published Aug 26, 2024
A vulnerability, which was classified as problematic, has been found in ClassCMS 4.8. Affected by... Moderate Unreviewed
CVE-2024-8145 was published Aug 25, 2024
The Responsive video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed
CVE-2024-7629 was published Aug 21, 2024
Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) Moderate Unreviewed
CVE-2024-41697 was published Aug 20, 2024
XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution Critical
CVE-2024-41947 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Jul 31, 2024
Mashov - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) Moderate Unreviewed
CVE-2024-41693 was published Jul 30, 2024
Sentry vulnerable to stored Cross-Site Scripting (XSS) High
CVE-2024-41656 was published for sentry (pip) Jul 23, 2024
stsewd
An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in... High Unreviewed
CVE-2024-32484 was published Jul 22, 2024
Cross Site Scripting vulnerability in Eskooly Web Product v.3.0 and before allows a remote... Moderate Unreviewed
CVE-2024-27716 was published Jul 5, 2024
Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users... Moderate Unreviewed
CVE-2024-6052 was published Jul 3, 2024
Cross-site Scripting in ZenUML Moderate
CVE-2024-38527 was published for @zenuml/core (npm) Jun 26, 2024
Yash-Singh1
Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2... Moderate Unreviewed
CVE-2024-28832 was published Jun 25, 2024
Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3.0p7 and 2.2.0p28 allows... Moderate Unreviewed
CVE-2024-28831 was published Jun 25, 2024
Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute... Moderate Unreviewed
CVE-2024-37732 was published Jun 24, 2024
A vulnerability, which was classified as problematic, was found in playSMS 1.4.3. Affected is an... Low Unreviewed
CVE-2024-6251 was published Jun 22, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database