Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

378 advisories

Loading
Piccolo Admin's raw SVG loading may lead to complete data compromise from admin page High
CVE-2024-30248 was published for piccolo-admin (pip) Apr 1, 2024
Skelmis
Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing High
CVE-2024-28233 was published for jupyterhub (pip) Mar 28, 2024
Th0h0
XSS via the "Snapshot Test" feature in Classic Webcam plugin settings Moderate
CVE-2024-28237 was published for OctoPrint (pip) Mar 18, 2024
jacopotediosi
Whoogle Search Cross-site Scripting vulnerability Moderate
CVE-2024-22417 was published for whoogle-search (pip) Mar 14, 2024
Django MarkdownX Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-2319 was published for django-markdownx (pip) Mar 8, 2024
esphome vulnerable to stored Cross-site Scripting in edit configuration file API Moderate
CVE-2024-27287 was published for esphome (pip) Mar 6, 2024
Docassemble HTML and javascript injection Moderate
CVE-2024-27290 was published for docassemble.webapp (pip) Feb 29, 2024
richighimi
Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS) Moderate
CVE-2024-27083 was published for Flask-AppBuilder (pip) Feb 28, 2024
chor4o dpgaspar
MLFlow Cross-site Scripting vulnerability leads to client-side Remote Code Execution Critical
CVE-2024-27133 was published for mlflow (pip) Feb 24, 2024
oscerd gabby202308
Cross-site Scripting in MLFlow Critical
CVE-2024-27132 was published for mlflow (pip) Feb 24, 2024
Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config Moderate
CVE-2024-26152 was published for label-studio (pip) Feb 22, 2024
isacaya
Potentially untrusted input is rendered as HTML in final output High
CVE-2024-26151 was published for mjml (pip) Feb 22, 2024
sh-at-cs
Cross-site Scripting in Pyhtml2pdf High
CVE-2024-1647 was published for pyhtml2pdf (pip) Feb 20, 2024
Dash apps vulnerable to Cross-site Scripting Moderate
CVE-2024-21485 was published for dash (npm) Feb 2, 2024
graingert
Cross-site Scripting Vulnerability on Data Import Moderate
CVE-2024-23633 was published for label-studio (pip) Jan 24, 2024
alex-elttam
Cross-site Scripting Vulnerability on Avatar Upload High
CVE-2023-47115 was published for label-studio (pip) Jan 24, 2024
alex-elttam
Cross-site Scripting in Apache superset Critical
CVE-2023-49657 was published for apache-superset (pip) Jan 23, 2024
XSS potential in rendered Markdown fields (comments, description, notes, etc.) High
CVE-2024-23345 was published for nautobot (pip) Jan 23, 2024
Kircheneer
html injection vulnerability in the `tuitse_html` function. Moderate
CVE-2024-23341 was published for TuiTse-TsuSin (pip) Jan 22, 2024
JupyterLab vulnerable to SXSS in Markdown Preview Moderate
CVE-2024-22420 was published for jupyterlab (pip) Jan 19, 2024
readthedocs-sphinx-search vulnerable to cross-site scripting when including search results from malicious projects Moderate
GHSA-xgfm-fjx6-62mj was published for readthedocs-sphinx-search (pip) Jan 16, 2024
stsewd
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter Moderate
CVE-2024-22195 was published for jinja2 (pip) Jan 11, 2024
CalumHutton
Apache Airflow has a stored cross-site scripting vulnerability Moderate
CVE-2023-47265 was published for apache-airflow (pip) Dec 21, 2023
Maloja error page XSS vulnerability Moderate
GHSA-4h72-34j6-j8x7 was published for malojaserver (pip) Dec 18, 2023
NULLYUKI
Cross-site Scripting (XSS) in MLflow Moderate
CVE-2023-6568 was published for mlflow (pip) Dec 7, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database