GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,887 advisories

Scrypted Cross-site Scripting vulnerability Moderate
CVE-2023-47620 was published for @scrypted/server (npm) Aug 5, 2024
Scrypted Cross-site Scripting vulnerability Moderate
CVE-2023-47623 was published for @scrypted/core (npm) Aug 5, 2024
Editor.js vulnerable to Code Injection Moderate
CVE-2022-23474 was published for @editorjs/editorjs (npm) Aug 5, 2024
nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSR Moderate
CVE-2024-34343 was published for nuxt (npm) Aug 5, 2024
OhB00
Microweber Cross Site Scripting (XSS) vulnerability Moderate
CVE-2024-41380 was published for microweber/microweber (Composer) Aug 5, 2024
Microweber Cross Site Scripting (XSS) vulnerability Moderate
CVE-2024-41381 was published for microweber/microweber (Composer) Aug 5, 2024
Reposilite artifacts vulnerable to Stored Cross-site Scripting High
CVE-2024-36115 was published for com.reposilite:reposilite-backend (Maven) Aug 2, 2024
artsploit
Concrete CMS vulnerable to Stored Cross-site Scripting Moderate
CVE-2024-4353 was published for concrete5/concrete5 (Composer) Aug 1, 2024
ZITADEL has improper HTML sanitization in emails and Console UI Moderate
CVE-2024-41953 was published for github.com/zitadel/zitadel (Go) Jul 31, 2024
livio-a
eZ Platform Admin UI vulnerable to DOM-based Cross-site Scripting in file upload widget Moderate
GHSA-gc5h-6jx9-q2qh was published for ezsystems/ezplatform-admin-ui (Composer) Jul 31, 2024
4rdr
XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution Critical
CVE-2024-41947 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Jul 31, 2024
Ibexa Admin UI vulnerable to DOM-based Cross-site Scripting in file upload widget Moderate
CVE-2024-39318 was published for ibexa/admin-ui (Composer) Jul 31, 2024
4rdr
Bolt CMS Cross-site Scripting vulnerability Moderate
CVE-2024-7300 was published for bolt/bolt (Composer) Jul 31, 2024
Aim Stored Cross-site Scripting Vulnerability Moderate
CVE-2024-6578 was published for aim (pip) Jul 29, 2024
Twisted vulnerable to HTML injection in HTTP redirect body Moderate
CVE-2024-41810 was published for twisted (pip) Jul 29, 2024
v1ktor0t twm
Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs Moderate
CVE-2024-41676 was published for openmage/magento-lts (Composer) Jul 29, 2024
justlife4x4 Flyingmana
ICEcoder vulnerable to Cross Site Scripting High
CVE-2024-41374 was published for icecoder/icecoder (Composer) Jul 26, 2024
ICEcoder vulnerable to Cross Site Scripting High
CVE-2024-41375 was published for icecoder/icecoder (Composer) Jul 26, 2024
Reflected Cross Site-Scripting (XSS) in Oveleon Cookiebar Moderate
CVE-2024-47069 was published for oveleon/contao-cookiebar (Composer) Jul 26, 2024
usdResponsibleDisclosure
Sentry vulnerable to stored Cross-Site Scripting (XSS) High
CVE-2024-41656 was published for sentry (pip) Jul 23, 2024
stsewd
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS) Moderate
CVE-2024-6783 was published for vue-template-compiler (npm) Jul 23, 2024
sdesalas
Apache Syncope Improper Input Validation vulnerability High
CVE-2024-38503 was published for org.apache.syncope.client.idrepo:syncope-client-idrepo-common-ui (Maven) Jul 22, 2024
Backdrop CMS does not sufficiently sanitize field labels before they are displayed in certain places Moderate
CVE-2024-41709 was published for backdrop/backdrop (Composer) Jul 22, 2024
Calibre-Web Cross Site Scripting (XSS) Moderate
CVE-2024-39123 was published for calibreweb (pip) Jul 19, 2024
Roundup Cross-site Scripting Vulnerability Moderate
CVE-2024-39124 was published for roundup (pip) Jul 17, 2024
ProTip! Advisories are also available from the GraphQL API