GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
799 advisories
Filter by severity
A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer from Release...
High
Unreviewed
CVE-2024-7737
was published
Sep 19, 2024
A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry...
High
Unreviewed
CVE-2024-7736
was published
Sep 19, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High
Unreviewed
CVE-2024-43971
was published
Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High
Unreviewed
CVE-2024-44003
was published
Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High
Unreviewed
CVE-2024-43975
was published
Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High
Unreviewed
CVE-2024-44002
was published
Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High
Unreviewed
CVE-2024-44007
was published
Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High
Unreviewed
CVE-2024-43970
was published
Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High
Unreviewed
CVE-2024-44009
was published
Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High
Unreviewed
CVE-2024-45459
was published
Sep 16, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High
Unreviewed
CVE-2024-44053
was published
Sep 16, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High
Unreviewed
CVE-2024-44060
was published
Sep 16, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High
Unreviewed
CVE-2024-45458
was published
Sep 16, 2024
An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A stored cross-site...
High
Unreviewed
CVE-2024-39926
was published
Sep 13, 2024
A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls...
High
Unreviewed
CVE-2024-8696
was published
Sep 12, 2024
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
High
Unreviewed
CVE-2024-43476
was published
Sep 10, 2024
The Ninja Forms - File Uploads plugin for WordPress is vulnerable to Stored Cross-Site Scripting...
High
Unreviewed
CVE-2024-1596
was published
Sep 7, 2024
A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If...
High
Unreviewed
CVE-2024-38640
was published
Sep 6, 2024
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating...
High
Unreviewed
CVE-2024-21897
was published
Sep 6, 2024
A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited...
High
Unreviewed
CVE-2024-32762
was published
Sep 6, 2024
Sourcecodehero Event Management System 1.0 allows Stored Cross-Site Scripting via parameters Full...
High
Unreviewed
CVE-2024-44728
was published
Sep 5, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High
Unreviewed
CVE-2024-2166
was published
Sep 5, 2024
An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation...
High
Unreviewed
CVE-2024-7654
was published
Sep 3, 2024
A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer Release on...
High
Unreviewed
CVE-2024-7939
was published
Sep 2, 2024
A stored Cross-site Scripting (XSS) vulnerability affecting 3DDashboard in 3DSwymer Release on...
High
Unreviewed
CVE-2024-7932
was published
Sep 2, 2024
ProTip!
Advisories are also available from the
GraphQL API