GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
27,838 advisories
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate | Unreviewed | CVE-2024-45451 was published Sep 18, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate | Unreviewed | CVE-2024-43977 was published Sep 18, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate | Unreviewed | CVE-2024-44047 was published Sep 18, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High | Unreviewed | CVE-2024-44009 was published Sep 18, 2024

@backstage/plugin-techdocs-backend vulnerable to circumvention of cross site scripting protection
Moderate | CVE-2024-46976 was published for @backstage/plugin-techdocs-backend (npm) Sep 17, 2024

A vulnerability classified as problematic was found in SourceCodester Resort Reservation System 1...
Moderate | Unreviewed | CVE-2024-8951 was published Sep 17, 2024

Concrete CMS stored XSS vulnerability in the "Top Navigator Bar" block
Moderate | CVE-2024-8660 was published for concrete5/concrete5 (Composer) Sep 17, 2024

Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS
Moderate | CVE-2024-45812 was published for vite (npm) Sep 17, 2024

This vulnerability occurs when user-supplied input is improperly sanitized and then reflected...
Moderate | Unreviewed | CVE-2024-38380 was published Sep 17, 2024

Wire UI has a JS XSS Vulnerability on route /wireui/button?label=Content
Moderate | CVE-2024-45803 was published for wireui/wireui (Composer) Sep 17, 2024

Improper neutralization of input in Checkmk before versions 2.3.0p16 and 2.2.0p34 allows...
Moderate | Unreviewed | CVE-2024-38860 was published Sep 17, 2024

Contao affected by insert tag injection via canonical URL
Moderate | CVE-2024-45612 was published for contao/core-bundle (Composer) Sep 17, 2024

Concrete CMS Stored XSS in the "Next&Previous Nav" block
Moderate | CVE-2024-8661 was published for concrete5/concrete5 (Composer) Sep 16, 2024

Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin panel with QuillJS WYSIWYG editor
Moderate | CVE-2024-39910 was published for decidim (RubyGems) Sep 16, 2024

Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin activity log
Moderate | CVE-2024-32034 was published for decidim-admin (RubyGems) Sep 16, 2024

SmartRobot from INTUMIT does not properly validate a specific page parameter, allowing...
Moderate | Unreviewed | CVE-2024-8776 was published Sep 16, 2024

In JetBrains IntelliJ IDEA before 2024.1 HTML injection via the project name was possible
Low | Unreviewed | CVE-2024-46970 was published Sep 16, 2024

A vulnerability was found in Perfex CRM 3.1.6. It has been declared as problematic. This...
Moderate | Unreviewed | CVE-2024-8867 was published Sep 16, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High | Unreviewed | CVE-2024-45459 was published Sep 16, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate | Unreviewed | CVE-2024-44054 was published Sep 16, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate | Unreviewed | CVE-2024-44063 was published Sep 16, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate | Unreviewed | CVE-2024-44058 was published Sep 16, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate | Unreviewed | CVE-2024-44056 was published Sep 16, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate | Unreviewed | CVE-2024-44059 was published Sep 16, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate | Unreviewed | CVE-2024-44062 was published Sep 16, 2024

ProTip! Advisories are also available from the GraphQL API.