GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,368 advisories
Filter by severity
A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin ...
Low
Unreviewed
CVE-2024-9101
was published
Dec 19, 2024
ChatBar.tsx in Lumos before 1.0.17 parses raw HTML in Markdown because the markdown-to-jsx...
Low
Unreviewed
CVE-2024-56082
was published
Dec 15, 2024
Possible Content Security Policy bypass in Action Dispatch
Low
CVE-2024-54133
was published
for
actionpack
(RubyGems)
Dec 10, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations
Low
CVE-2024-53989
was published
for
rails-html-sanitizer
(RubyGems)
Dec 2, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations
Low
CVE-2024-53987
was published
for
rails-html-sanitizer
(RubyGems)
Dec 2, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations
Low
CVE-2024-53988
was published
for
rails-html-sanitizer
(RubyGems)
Dec 2, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations
Low
CVE-2024-53986
was published
for
rails-html-sanitizer
(RubyGems)
Dec 2, 2024
rails-html-sanitize has XSS vulnerability with certain configurations
Low
CVE-2024-53985
was published
for
rails-html-sanitizer
(RubyGems)
Dec 2, 2024
deno_doc's HTML generator vulnerable to Cross-site Scripting
Low
CVE-2024-32468
was published
for
deno_doc
(Rust)
Nov 25, 2024
@sveltejs/kit vulnerable to on dev mode 404 page
Low
CVE-2024-53261
was published
for
@sveltejs/kit
(npm)
Nov 25, 2024
@sveltejs/kit has unescaped error message included on error page
Low
CVE-2024-53262
was published
for
@sveltejs/kit
(npm)
Nov 25, 2024
Cross Site Scripting vulnerability in Gibbon before v.27.0.01 and fixed in v.28.0.00 allows a...
Low
Unreviewed
CVE-2024-51337
was published
Nov 21, 2024
A Cross-Site Scripting (XSS) vulnerability in phpipam/phpipam versions prior to 1.4.7 allows...
Low
Unreviewed
CVE-2022-1226
was published
Nov 15, 2024
IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a...
Low
Unreviewed
CVE-2024-45099
was published
Nov 14, 2024
Moodle Cross-site Scripting vulnerability
Low
CVE-2024-43437
was published
for
moodle/moodle
(Composer)
Nov 11, 2024
LocalAI Cross-site Scripting vulnerability
Low
CVE-2024-48057
was published
for
github.com/mudler/LocalAI
(Go)
Nov 5, 2024
Umbraco CMS Cross-site Scripting vulnerability
Low
CVE-2024-10761
was published
for
Umbraco.Cms.Core
(NuGet)
Nov 4, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Low
Unreviewed
CVE-2024-5532
was published
Oct 28, 2024
Funadmin Cross-site Scripting vulnerability
Low
CVE-2024-48228
was published
for
funadmin/funadmin
(Composer)
Oct 26, 2024
There is an XSS vulnerability in some HikCentral Master Lite versions. If exploited, an attacker...
Low
Unreviewed
CVE-2024-47486
was published
Oct 18, 2024
Admidio Vulnerable to HTML Injection In The Messages Section
Low
CVE-2024-47836
was published
for
admidio/admidio
(Composer)
Oct 16, 2024
In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings
Low
Unreviewed
CVE-2024-47951
was published
Oct 8, 2024
In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings
Low
Unreviewed
CVE-2024-47950
was published
Oct 8, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Low
Unreviewed
CVE-2024-43687
was published
Oct 4, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Low
Unreviewed
CVE-2024-43686
was published
Oct 4, 2024
ProTip!
Advisories are also available from the
GraphQL API