GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
131 advisories
Filter by severity
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2023-46310
was published
Jun 4, 2024
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WP...
Moderate
Unreviewed
CVE-2023-45635
was published
Jun 4, 2024
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2023-47663
was published
Jun 4, 2024
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2023-45053
was published
Jun 4, 2024
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WP...
Moderate
Unreviewed
CVE-2023-39161
was published
Jun 4, 2024
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2023-40557
was published
Jun 4, 2024
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2023-23735
was published
Jun 4, 2024
phpxmlrpc/extra XSS in class documenting_xmlrpc_server
Moderate
GHSA-ww6p-q26w-fr6m
was published
for
phpxmlrpc/extras
(Composer)
May 20, 2024
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2024-24874
was published
May 17, 2024
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2024-32790
was published
May 17, 2024
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2024-23522
was published
May 17, 2024
static-web-server vulnerable to stored Cross-site Scripting in directory listings via file names
Moderate
CVE-2024-32966
was published
for
static-web-server
(Rust)
May 1, 2024
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS vulnerability in...
Moderate
Unreviewed
CVE-2023-48763
was published
Apr 24, 2024
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows...
Moderate
Unreviewed
CVE-2024-32746
was published
Apr 17, 2024
TCPDF Cross-site Scripting vulnerability
Moderate
CVE-2024-32489
was published
for
tecnickcom/tcpdf
(Composer)
Apr 15, 2024
Mautic vulnerable to cross-site scripting in notifications via saving Dashboards
Moderate
CVE-2022-25774
was published
for
mautic/core
(Composer)
Apr 12, 2024
Stored XSS in graph rendering in Checkmk <2.3.0b4.
Moderate
Unreviewed
CVE-2024-2380
was published
Apr 5, 2024
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.1 and below that...
Moderate
Unreviewed
CVE-2024-25690
was published
Apr 4, 2024
A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042,...
Moderate
Unreviewed
CVE-2024-20362
was published
Apr 3, 2024
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a...
Moderate
Unreviewed
CVE-2024-31062
was published
Mar 28, 2024
phpMyFAQ Stored HTML Injection at contentLink
Moderate
CVE-2024-28108
was published
for
phpmyfaq/phpmyfaq
(Composer)
Mar 25, 2024
Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users...
Moderate
Unreviewed
CVE-2024-1606
was published
Mar 18, 2024
Webedition CMS 9.2.2.0 has a Stored XSS vulnerability via /webEdition/we_cmd.php.
Moderate
Unreviewed
CVE-2024-28417
was published
Mar 14, 2024
hexo-theme-anzhiyu Cross-site Scripting vulnerability
Moderate
CVE-2024-25865
was published
for
hexo-theme-anzhiyu
(npm)
Mar 3, 2024
Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field...
Moderate
Unreviewed
CVE-2024-25873
was published
Feb 22, 2024
ProTip!
Advisories are also available from the
GraphQL API