Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

3,887 advisories

Loading
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin panel with QuillJS WYSWYG editor Moderate
CVE-2024-39910 was published for decidim (RubyGems) Sep 16, 2024
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin activity log Moderate
CVE-2024-32034 was published for decidim-admin (RubyGems) Sep 16, 2024
Aim Stored XSS through TEXT EXPLORER Moderate
CVE-2024-8863 was published for aim (pip) Sep 16, 2024
MindsDB Cross-site Scripting vulnerability Moderate
CVE-2024-45856 was published for mindsdb (pip) Sep 12, 2024
D-Tale vulnerable to Remote Code Execution through the Query input on Chart Builder Moderate
CVE-2024-45595 was published for dtale (pip) Sep 10, 2024
AfterSnows
send vulnerable to template injection that can lead to XSS Low
CVE-2024-43799 was published for send (npm) Sep 10, 2024
AdamKorcz UlisesGascon
ctcpip wesleytodd
serve-static vulnerable to template injection that can lead to XSS Low
CVE-2024-43800 was published for serve-static (npm) Sep 10, 2024
AdamKorcz UlisesGascon
ctcpip wesleytodd
express vulnerable to XSS via response.redirect() Low
CVE-2024-43796 was published for express (npm) Sep 10, 2024
AdamKorcz UlisesGascon
ctcpip wesleytodd
auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped Moderate
CVE-2024-45592 was published for damienharper/auditor-bundle (Composer) Sep 10, 2024
fkropfhamer
Craft CMS vulnerable to stored XSS in breadcrumb list and title fields Moderate
CVE-2024-45406 was published for craftcms/cms (Composer) Sep 9, 2024
amame04
Gouniverse GoLang CMS vulnerable to Cross-site Scripting Moderate
CVE-2024-8572 was published for github.com/gouniverse/cms (Go) Sep 8, 2024
HTML injection in JupyterLite leading to DOM Clobbering Moderate
GHSA-gj55-2xf9-67rq was published for jupyterlite-core (pip) Sep 6, 2024
ishmeals jackfromeast
Indico has a Cross-Site-Scripting during account creation Moderate
CVE-2024-45399 was published for indico (pip) Sep 4, 2024
DOM clobbering could escalate to Cross-site Scripting (XSS) Moderate
CVE-2024-45389 was published for @pagefind/default-ui (npm) Sep 3, 2024
ishmeals jackfromeast
Svelte has a potential mXSS vulnerability due to improper HTML escaping Moderate
CVE-2024-45047 was published for svelte (npm) Aug 30, 2024
arkark
Serilog Client IP Spoofing vulnerability Moderate
CVE-2024-44930 was published for Serilog.Enrichers.ClientInfo (NuGet) Aug 29, 2024
vbakke
PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via style information Moderate
CVE-2024-45046 was published for phpoffice/phpexcel (Composer) Aug 29, 2024
emilvirkki marcinwealthon
neodc
HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering High
CVE-2024-43805 was published for jupyterlab (pip) Aug 29, 2024
jackfromeast ishmeals
RRosio krassowski
Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS Moderate
CVE-2024-43788 was published for webpack (npm) Aug 27, 2024
jackfromeast ishmeals
mhassan1
FastAPI Admin Cross-site Scripting vulnerability in the Config-Create function Moderate
CVE-2024-42818 was published for fastapi-admin (pip) Aug 26, 2024
FastAPI Admin cross-site scripting (XSS) vulnerability in the Create Product function Moderate
CVE-2024-42816 was published for fastapi-admin (pip) Aug 26, 2024
Automad Cross-site Scripting vulnerability Moderate
CVE-2024-40111 was published for automad/automad (Composer) Aug 23, 2024 withdrawn
marcantondahmen
pretix Stored Cross-site Scripting vulnerability High
CVE-2024-8113 was published for pretix (pip) Aug 23, 2024
p-w
Casdoor has reflected XSS in QrCodePage.js (GHSL-2024-036) Moderate
CVE-2024-41658 was published for github.com/casdoor/casdoor (Go) Aug 22, 2024
Apache Airflow Cross-site Scripting Vulnerability Moderate
CVE-2024-41937 was published for apache-airflow (pip) Aug 21, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database