Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

168 advisories

Loading
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Critical Unreviewed
CVE-2024-7785 was published Sep 19, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Critical Unreviewed
CVE-2024-6877 was published Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Critical Unreviewed
CVE-2024-5959 was published Sep 18, 2024
A remote code execution (RCE) vulnerability via crafted extension description/changelog could be... Critical Unreviewed
CVE-2024-8695 was published Sep 12, 2024
A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows... Critical Unreviewed
CVE-2024-45265 was published Aug 26, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Critical Unreviewed
CVE-2023-6452 was published Aug 22, 2024
Azure Stack Hub Spoofing Vulnerability Critical Unreviewed
CVE-2024-38108 was published Aug 13, 2024
AMTT Hotel Broadband Operation System (HiBOS) V3.0.3.151204 and before is vulnerable to SQL... Critical Unreviewed
CVE-2024-41476 was published Aug 12, 2024
An Unrestricted file upload vulnerability was found in "/Membership/edit_member.php" of Kashipara... Critical Unreviewed
CVE-2024-40482 was published Aug 12, 2024
An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a... Critical Unreviewed
CVE-2024-28739 was published Aug 6, 2024
Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to... Critical Unreviewed
CVE-2024-28740 was published Aug 6, 2024
Long pressing on a download link could potentially allow Javascript commands to be executed... Critical Unreviewed
CVE-2024-43111 was published Aug 6, 2024
A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7... Critical Unreviewed
CVE-2024-42008 was published Aug 5, 2024
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a... Critical Unreviewed
CVE-2024-42009 was published Aug 5, 2024
A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version... Critical Unreviewed
CVE-2024-6035 was published Jul 11, 2024
Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to... Critical Unreviewed
CVE-2024-40618 was published Jul 11, 2024
Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting (XSS) via src/electron-main.ts. Critical Unreviewed
CVE-2024-23997 was published Jul 5, 2024
goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross Site Scripting (XSS) via... Critical Unreviewed
CVE-2024-23998 was published Jul 5, 2024
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated... Critical Unreviewed
CVE-2024-31401 was published Jun 11, 2024
An issue was discovered in linqi before 1.4.0.1 on Windows. There is LDAP injection. Critical Unreviewed
CVE-2024-33868 was published May 14, 2024
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows... Critical Unreviewed
CVE-2024-32340 was published Apr 17, 2024
A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers... Critical Unreviewed
CVE-2024-31650 was published Apr 15, 2024
SiYuan version 3.0.3 allows executing arbitrary commands on the server. This is possible because... Critical Unreviewed
CVE-2024-2692 was published Apr 4, 2024
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross... Critical Unreviewed
CVE-2024-20719 was published Feb 15, 2024
Cross Site Scripting vulnerability in Axigen WebMail v.10.5.7 and before allows a remote attacker... Critical Unreviewed
CVE-2023-48974 was published Feb 8, 2024
ProTip! Advisories are also available from the GraphQL API