GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
486 advisories
XSS sidekiq-unique-jobs UI server vulnerability
High
CVE-2024-25122
was published
for
sidekiq-unique-jobs
(RubyGems)
Feb 13, 2024
Statmic CMS vulnerable to account takeover via XSS and password reset link
High
CVE-2024-24570
was published
for
statamic/cms
(Composer)
Feb 1, 2024
react-query-streamed-hydration Cross-site Scripting vulnerability
High
CVE-2024-24558
was published
for
@tanstack/react-query-next-experimental
(npm)
Jan 30, 2024
Cross-site Scripting Vulnerability on Avatar Upload
High
CVE-2023-47115
was published
for
label-studio
(pip)
Jan 24, 2024
XSS potential in rendered Markdown fields (comments, description, notes, etc.)
High
CVE-2024-23345
was published
for
nautobot
(pip)
Jan 23, 2024
avo vulnerable to stored cross-site scripting (XSS) in key_value field
High
CVE-2024-22191
was published
for
avo
(RubyGems)
Jan 16, 2024
PrestaShop some attribute not escaped in Validate::isCleanHTML method
High
CVE-2024-21627
was published
for
prestashop/prestashop
(Composer)
Jan 3, 2024
Magento LTS vulnerable to Stored XSS via TinyMCE WYSIWYG Editor
High
GHSA-9j5w-2cqc-cwj9
was published
for
openmage/magento-lts
(Composer)
Dec 8, 2023
Improper Neutralization of Input in Advanced User Interface for Jolt
High
CVE-2023-49145
was published
for
org.apache.nifi:nifi-jolt-transform-json-ui
(Maven)
Nov 28, 2023
Cross-site Scripting via uploaded assets
High
CVE-2023-48701
was published
for
statamic/cms
(Composer)
Nov 22, 2023
Cross-site Scripting via missing Binding syntax validation
High
CVE-2023-45683
was published
for
github.com/crewjam/saml
(Go)
Oct 17, 2023
ProTip!
Advisories are also available from the
GraphQL API