GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
24,987 advisories
Filter by severity
A stored cross-site scripting (XSS) vulnerability in the Add Scheduled Task module of Maccms10...
Moderate
Unreviewed
CVE-2024-46654
was published
Sep 20, 2024
Cross Site Scripting vulnerability in Leotheme Leo Product Search Module v.2.1.6 and earlier...
Moderate
Unreviewed
CVE-2024-42697
was published
Sep 20, 2024
Prevent XSS from Confidant API call
Moderate
CVE-2024-45793
was published
for
confidant
(pip)
Sep 20, 2024
A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and...
Moderate
Unreviewed
CVE-2024-9033
was published
Sep 20, 2024
A vulnerability, which was classified as problematic, has been found in CodeCanyon CRMGo SaaS up...
Moderate
Unreviewed
CVE-2024-9031
was published
Sep 20, 2024
A vulnerability classified as problematic was found in CodeCanyon CRMGo SaaS 7.2. This...
Moderate
Unreviewed
CVE-2024-9030
was published
Sep 20, 2024
A vulnerability classified as problematic has been found in jeanmarc77 123solar 1.8.4.5. This...
Moderate
Unreviewed
CVE-2024-9007
was published
Sep 20, 2024
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Moderate
Unreviewed
CVE-2024-38221
was published
Sep 19, 2024
A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser...
Moderate
Unreviewed
CVE-2024-8652
was published
Sep 19, 2024
A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser...
Moderate
Unreviewed
CVE-2024-8653
was published
Sep 19, 2024
DOM Clobbering Gadget found in Rspack's AutoPublicPathRuntimeModule that leads to XSS
Moderate
GHSA-84jw-g43v-8gjm
was published
for
@rspack/core
(npm)
Sep 19, 2024
The WP Custom Fields Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
Moderate
Unreviewed
CVE-2024-8364
was published
Sep 19, 2024
The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site...
Moderate
Unreviewed
CVE-2024-8850
was published
Sep 19, 2024
Mautic vulnerable to XSS in contact/company tracking (no authentication)
Moderate
CVE-2024-47050
was published
for
mautic/core
(Composer)
Sep 18, 2024
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
Moderate
GHSA-r9cr-qmfw-pmrc
was published
for
camaleon_cms
(RubyGems)
Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-43972
was published
Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-43987
was published
Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-43993
was published
Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-43992
was published
Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-44001
was published
Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-43995
was published
Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-43999
was published
Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-43991
was published
Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-43988
was published
Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-43983
was published
Sep 18, 2024
ProTip!
Advisories are also available from the
GraphQL API