Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,150
NuGet
736
pip
3,952
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

3,888 advisories

Loading
Temporal UI Server cross-site scripting vulnerability Moderate
CVE-2024-2435 was published for github.com/temporalio/ui-server/v2 (Go) Apr 2, 2024
CA17 TeamsACS Cross Site Scripting vulnerability Moderate
CVE-2024-22780 was published for github.com/ca17/teamsacs (Go) Apr 2, 2024
RosarioSIS cross site scripting vulnerability Low
CVE-2024-3138 was published for francoisjacquet/rosariosis (Composer) Apr 2, 2024
Piccolo Admin's raw SVG loading may lead to complete data compromise from admin page High
CVE-2024-30248 was published for piccolo-admin (pip) Apr 1, 2024
Skelmis
Bonita cross-site scripting vulnerability Moderate
CVE-2024-27609 was published for org.bonitasoft.console:bonita-web-server (Maven) Apr 1, 2024
Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing High
CVE-2024-28233 was published for jupyterhub (pip) Mar 28, 2024
Th0h0
ZITADEL's Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass High
CVE-2024-29891 was published for github.com/zitadel/zitadel (Go) Mar 28, 2024
amit-laish fforootd
livio-a adlerhurst
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes Moderate
CVE-2024-29203 was published for TinyMCE (Composer) Mar 26, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements Moderate
CVE-2024-29881 was published for TinyMCE (Composer) Mar 26, 2024
dcat-admin Cross Site Scripting vulnerability Moderate
CVE-2024-29644 was published for dcat/laravel-admin (Composer) Mar 26, 2024
phpMyFAQ stored Cross-site Scripting at user email Moderate
CVE-2024-27300 was published for phpmyfaq/phpmyfaq (Composer) Mar 25, 2024
kevinnivekkevin
phpMyFAQ Stored Cross-site Scripting at FAQ News Content Moderate
CVE-2024-28106 was published for phpmyfaq/phpmyfaq (Composer) Mar 25, 2024
kevinnivekkevin
phpMyFAQ Stored HTML Injection at contentLink Moderate
CVE-2024-28108 was published for phpmyfaq/phpmyfaq (Composer) Mar 25, 2024
kevinnivekkevin
phpMyFAQ Stored Cross-site Scripting at File Attachments Moderate
CVE-2024-29179 was published for phpmyfaq/phpmyfaq (Composer) Mar 25, 2024
kevinnivekkevin
CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained Moderate
CVE-2024-29034 was published for carrierwave (RubyGems) Mar 25, 2024
a-zara-n
Cross-site Scripting in Moodle Chat Moderate
CVE-2024-28593 was published for moodle/moodle (Composer) Mar 22, 2024
VvvebJs Reflected Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-29271 was published for vvvebjs (npm) Mar 22, 2024
Cross site scripting in moodle Moderate
CVE-2024-29374 was published for moodle/moodle (Composer) Mar 21, 2024
Cross-site scripting in Survey Creator Moderate
CVE-2024-28635 was published for survey-creator (npm) Mar 21, 2024
GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS) Moderate
CVE-2024-23821 was published for org.geoserver:gs-gwc (Maven) Mar 20, 2024
sikeoka
GeoServer's MapML HTML Page vulnerable to Stored Cross-Site Scripting (XSS) Moderate
CVE-2024-23819 was published for org.geoserver.extension:gs-mapml (Maven) Mar 20, 2024
sikeoka
GeoServer's WMS OpenLayers Format vulnerable to Stored Cross-Site Scripting (XSS) Moderate
CVE-2024-23818 was published for org.geoserver:gs-wms (Maven) Mar 20, 2024
sikeoka
GeoServer's GWC Seed Form vulnerable to Stored Cross-Site Scripting (XSS) Moderate
CVE-2024-23643 was published for org.geoserver:gs-gwc-rest (Maven) Mar 20, 2024
sikeoka
GeoServer's Simple SVG Renderer vulnerable to Stored Cross-Site Scripting (XSS) Moderate
CVE-2024-23642 was published for org.geoserver:gs-wms (Maven) Mar 20, 2024
sikeoka
GeoServer's Style Publisher vulnerable to Stored Cross-Site Scripting (XSS) Moderate
CVE-2024-23640 was published for org.geoserver:gs-main (Maven) Mar 20, 2024
sikeoka
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database