GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,871
Erlang: 37
GitHub Actions: 36
Go: 2,504
Maven: 5,000+
npm: 4,149
NuGet: 735
pip: 3,949
Pub: 12
RubyGems: 945
Rust: 1,025
Swift: 39
Unreviewed advisories
All unreviewed: 5,000+
3,887 advisories
Apache Airflow: XSS vulnerability in Task Instance Log/Log Details
Moderate | CVE-2024-32077 was published for apache-airflow (pip) | May 14, 2024
Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages
High | CVE-2024-34707 was published for nautobot (pip) | May 13, 2024
NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue
High | CVE-2023-49781 was published for nocodb (npm) | May 13, 2024
NocoDB Allows Preview of Files with Dangerous Content
Moderate | CVE-2023-50717 was published for nocodb (npm) | May 13, 2024
Mantis Bug Tracker (MantisBT) vulnerable to cross-site scripting
Moderate | CVE-2024-34081 was published for mantisbt/mantisbt (Composer) | May 13, 2024
Sylius has potential Cross Site Scripting vulnerability via the "Province" field in the Checkout and Address Book
Moderate | CVE-2024-29376 was published for sylius/sylius (Composer) | May 10, 2024
Sylius potentially vulnerable to Cross Site Scripting via "Name" field (Taxons, Products, Options, Variants) in Admin Panel
Moderate | CVE-2024-34349 was published for sylius/sylius (Composer) | May 10, 2024
Blind XSS Leading to Froxlor Application Compromise
Critical | CVE-2024-34070 was published for froxlor/froxlor (Composer) | May 10, 2024
MS Basic Cross-site Scripting vulnerability
Moderate | CVE-2024-33748 was published for net.mingsoft:ms-basic (Maven) | May 7, 2024
Trix Editor Arbitrary Code Execution Vulnerability
Moderate | CVE-2024-34341 was published for actiontext (RubyGems) | May 7, 2024
react-pdf vulnerable to arbitrary JavaScript execution upon opening a malicious PDF with PDF.js
High | CVE-2024-34342 was published for react-pdf (npm) | May 7, 2024
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
Moderate | CVE-2024-34064 was published for Jinja2 (pip) | May 6, 2024
MediaWiki UnlinkedWikibase Cross-site Scripting vulnerability
Moderate | CVE-2024-34500 was published for samwilson/unlinked-wikibase (Composer) | May 5, 2024
ThinkPHP Cross-Site Scripting Vulnerability
Moderate | CVE-2024-34467 was published for topthink/framework (Composer) | May 4, 2024
Zenario's Tree Explorer tool from Organizer affected by Cross-site Scripting
Moderate | CVE-2024-34460 was published for tribalsystems/zenario (Composer) | May 4, 2024
Pterodactyl panel's admin area vulnerable to Cross-site Scripting
Moderate | CVE-2024-34067 was published for pterodactyl/panel (Composer) | May 3, 2024
Vditor allows Cross-site Scripting via an attribute of an `A` element
Moderate | CVE-2024-34449 was published for vditor (npm) | May 3, 2024
changedetection.io Cross-site Scripting vulnerability
Moderate | CVE-2024-34061 was published for changedetection.io (pip) | May 3, 2024
pgAdmin Cross-site Scripting vulnerability in /settings/store API response json payload
High | CVE-2024-4216 was published for pgAdmin4 (pip) | May 2, 2024
static-web-server vulnerable to stored Cross-site Scripting in directory listings via file names
Moderate | CVE-2024-32966 was published for static-web-server (Rust) | May 1, 2024
Phlex vulnerable to Cross-site Scripting (XSS) via maliciously formed HTML attribute names and values
High | CVE-2024-32970 was published for phlex (RubyGems) | May 1, 2024
nautobot has reflected Cross-site Scripting potential in all object list views
High | CVE-2024-32979 was published for nautobot (pip) | May 1, 2024
Lavalite CMS Cross Site Scripting vulnerability
Moderate | CVE-2024-31828 was published for lavalite/cms (Composer) | Apr 27, 2024
Sidekiq vulnerable to a Reflected XSS in Queues Web Page
Moderate | CVE-2024-32887 was published for sidekiq (RubyGems) | Apr 26, 2024
Passbolt API allows HTML injection
Moderate | CVE-2024-33670 was published for passbolt/passbolt_api (Composer) | Apr 26, 2024
ProTip! Advisories are also available from the GraphQL API