Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,580 advisories

Loading
Prevent XSS from Confidant API call Moderate
CVE-2024-45793 was published for confidant (pip) Sep 20, 2024
whu-lyft meng-han
alejandroroiz achantavy heryxpc anshumanbh bstewart-lyft reindaelman
Cross-site Scripting in invenio-communities Moderate
CVE-2019-1020005 was published for invenio-communities (pip) Jul 16, 2019
tdunlap607
Improper Neutralization of Input During Web Page Generation in html5lib Moderate
CVE-2016-9909 was published for html5lib (pip) May 17, 2022
Aim Stored XSS through TEXT EXPLORER Moderate
CVE-2024-8863 was published for aim (pip) Sep 16, 2024
Flask-Admin Cross-site Scripting vulnerability Moderate
CVE-2018-16516 was published for flask-admin (pip) Dec 19, 2018
born2discover
Djiblets Cross-site scripting Vulnerability via JSON Objects Moderate
CVE-2014-3994 was published for Djblets (pip) May 17, 2022
Fava vulnerable to reflected cross-site scripting Moderate
CVE-2022-2589 was published for fava (pip) Aug 2, 2022
Fava vulnerable to Reflected Cross-site Scripting Moderate
CVE-2022-2523 was published for fava (pip) Jul 26, 2022
feedparser Cross-site Scripting vulnerability Moderate
CVE-2011-1158 was published for feedparser (pip) Jul 23, 2018
feedparser Cross-site Scripting vulnerability Moderate
CVE-2011-1157 was published for feedparser (pip) Jul 23, 2018
Fava time and filter parameters vulnerable to reflected Cross-site Scripting Moderate
CVE-2022-2514 was published for fava (pip) Jul 26, 2022
feedparser Cross-site Scripting vulnerability Moderate
CVE-2009-5065 was published for feedparser (pip) May 2, 2022
Django Cross-site Scripting in AdminURLFieldWidget Moderate
CVE-2019-12308 was published for Django (pip) Jun 10, 2019
sunSUNQ
XSS in Django Moderate
CVE-2020-13596 was published for Django (pip) Jun 5, 2020
tdunlap607
Cross-site Scripting in Django Moderate
CVE-2022-22818 was published for django (pip) Feb 4, 2022
tdunlap607
Header injection possible in Django Moderate
CVE-2021-32052 was published for Django (pip) Jun 9, 2021
Cross-site Scripting (XSS) in Django REST Framework Moderate
CVE-2020-25626 was published for djangorestframework (pip) Mar 19, 2021
Djblets Cross-site scripting Vulnerability Moderate
CVE-2014-3995 was published for Djblets (pip) May 17, 2022
Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS Moderate
CVE-2024-45812 was published for vite (npm) Sep 17, 2024
jackfromeast ishmeals
DOM Clobbering Gadget found in Rspack's AutoPublicPathRuntimeModule that leads to XSS Moderate
GHSA-84jw-g43v-8gjm was published for @rspack/core (npm) Sep 19, 2024
jackfromeast ishmeals
Mautic vulnerable to XSS in contact/company tracking (no authentication) Moderate
CVE-2024-47050 was published for mautic/core (Composer) Sep 18, 2024
mqrtin patrykgruszka
lenonleite escopecz
Django Cross-site Scripting Vulnerability Moderate
CVE-2015-0220 was published for Django (pip) May 17, 2022
Django cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget widget Moderate
CVE-2013-4249 was published for django (pip) May 17, 2022
Mautic vulnerable to cross-site scripting in notifications via saving Dashboards Moderate
CVE-2022-25774 was published for mautic/core (Composer) Apr 12, 2024
Vautia
Django XSS Vulnerability Moderate
CVE-2016-2512 was published for Django (pip) May 17, 2022
MarkLee131
ProTip! Advisories are also available from the GraphQL API