GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,871
Erlang: 37
GitHub Actions: 36
Go: 2,517
Maven: 5,000+
npm: 4,150
NuGet: 736
pip: 3,952
Pub: 12
RubyGems: 946
Rust: 1,026
Swift: 39
Unreviewed advisories
All unreviewed: 5,000+
3,888 advisories
html injection vulnerability in the `tuitse_html` function.
Moderate: CVE-2024-23341 was published for TuiTse-TsuSin (pip), Jan 22, 2024

JavaScript execution via malicious molfiles (XSS)
Moderate: CVE-2024-0758 was published for de.ipb-halle:molecularfaces (Maven), Jan 19, 2024

JupyterLab vulnerable to SXSS in Markdown Preview
Moderate: CVE-2024-22420 was published for jupyterlab (pip), Jan 19, 2024

Cross-site scripting (XSS) in Action messages on Avo
Moderate: CVE-2024-22411 was published for avo (RubyGems), Jan 17, 2024

Cross-site Scripting in Bagisto
Moderate: CVE-2023-36236 was published for bagisto/bagisto (Composer), Jan 17, 2024

Stored Cross Site Scripting in beetl-bbs
Moderate: CVE-2024-22491 was published for com.ibeetl:beetl (Maven), Jan 16, 2024

readthedocs-sphinx-search vulnerable to cross-site scripting when including search results from malicious projects
Moderate: GHSA-xgfm-fjx6-62mj was published for readthedocs-sphinx-search (pip), Jan 16, 2024

avo vulnerable to stored cross-site scripting (XSS) in key_value field
High: CVE-2024-22191 was published for avo (RubyGems), Jan 16, 2024

Cross-site Scripting in JFinal
Moderate: CVE-2024-22493 was published for com.jfinal:jfinal (Maven), Jan 12, 2024

Cross-site Scripting in JFinal
Moderate: CVE-2024-22492 was published for com.jfinal:jfinal (Maven), Jan 12, 2024

Django Template Engine Vulnerable to XSS
Critical: CVE-2024-22199 was published for github.com/gofiber/template/django/v3 (Go), Jan 11, 2024

Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
Moderate: CVE-2024-22195 was published for jinja2 (pip), Jan 11, 2024

Qualys Jenkins Plugin for Policy Compliance Cross-site Scripting vulnerability
Moderate: CVE-2023-6148 was published for com.qualys.plugins:qualys-pc (Maven), Jan 9, 2024

Firefly III allows webhooks HTML Injection.
Moderate: CVE-2024-22075 was published for grumpydictator/firefly-iii (Composer), Jan 5, 2024

view_component Cross-site Scripting vulnerability
Moderate: CVE-2024-21636 was published for view_component (RubyGems), Jan 4, 2024

Duplicate Advisory: govuk_tech_docs vulnerable to unescaped HTML on search results page
Low: GHSA-4mvm-xh8j-fv27 was published for govuk_tech_docs (RubyGems), Jan 4, 2024 • withdrawn

PrestaShop XSS can be stored in DB from "add a message form" in order detail page (FO)
Moderate: CVE-2024-21628 was published for prestashop/prestashop (Composer), Jan 3, 2024

PrestaShop some attribute not escaped in Validate::isCleanHTML method
High: CVE-2024-21627 was published for prestashop/prestashop (Composer), Jan 3, 2024

Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE
Moderate: GHSA-q5pp-5q2h-g8rv was published for tinymce (npm), Jan 3, 2024 • withdrawn

Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE plugins
Moderate: GHSA-wxj2-777f-vxmf was published for tinymce (npm), Jan 3, 2024 • withdrawn

Duplicate Advisory: Cross-site scripting vulnerability in TinyMCE
Moderate: GHSA-gjhc-6xm7-mc8q was published for tinymce (npm), Jan 3, 2024 • withdrawn

OWASP.AntiSamy mXSS when preserving comments
Moderate: CVE-2023-51652 was published for OWASP.AntiSamy (NuGet), Jan 2, 2024

Layui cross-site scripting (XSS) vulnerability
Moderate: CVE-2023-50550 was published for layui (npm), Dec 30, 2023

Mattermost Cross-site Scripting vulnerability
Low: CVE-2023-7113 was published for github.com/mattermost/mattermost/server/v8 (Go), Dec 29, 2023

ProTip! Advisories are also available from the GraphQL API