Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,205 advisories

Loading
Plate allows arbitrary DOM attributes in element.attributes and leaf.attributes High
CVE-2024-47061 was published for @udecode/plate-core (npm) Sep 20, 2024
A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer from Release... High Unreviewed
CVE-2024-7737 was published Sep 19, 2024
A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry... High Unreviewed
CVE-2024-7736 was published Sep 19, 2024
Mautic has an XSS in contact tracking and page hits report High
CVE-2021-27917 was published for mautic/core (Composer) Sep 18, 2024
patrykgruszka lenonleite
escopecz
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-43971 was published Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-44003 was published Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-43975 was published Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-44002 was published Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-44007 was published Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-43970 was published Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-44009 was published Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-45459 was published Sep 16, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-44053 was published Sep 16, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-44060 was published Sep 16, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-45458 was published Sep 16, 2024
An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A stored cross-site... High Unreviewed
CVE-2024-39926 was published Sep 13, 2024
A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls... High Unreviewed
CVE-2024-8696 was published Sep 12, 2024
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability High Unreviewed
CVE-2024-43476 was published Sep 10, 2024
auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped High
CVE-2024-45592 was published for damienharper/auditor-bundle (Composer) Sep 10, 2024
fkropfhamer
The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Stored Cross-Site Scripting... High Unreviewed
CVE-2024-1596 was published Sep 7, 2024
HTML injection in JupyterLite leading to DOM Clobbering High
GHSA-gj55-2xf9-67rq was published for jupyterlite-core (pip) Sep 6, 2024
ishmeals jackfromeast
A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If... High Unreviewed
CVE-2024-38640 was published Sep 6, 2024
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating... High Unreviewed
CVE-2024-21897 was published Sep 6, 2024
A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited... High Unreviewed
CVE-2024-32762 was published Sep 6, 2024
Sourcecodehero Event Management System 1.0 allows Stored Cross-Site Scripting via parameters Full... High Unreviewed
CVE-2024-44728 was published Sep 5, 2024
ProTip! Advisories are also available from the GraphQL API