Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

67 advisories

Loading
Bootstrap Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-6531 was published for bootstrap (RubyGems) Jul 11, 2024
alexeyNeklesa-idt metametadata
Serilog Client IP Spoofing vulnerability Moderate
CVE-2024-44930 was published for Serilog.Enrichers.ClientInfo (NuGet) Aug 29, 2024
vbakke
Bootstrap Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-6484 was published for bootstrap (RubyGems) Jul 11, 2024
metametadata
Bootstrap vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2018-14040 was published for bootstrap (RubyGems) May 13, 2022
jhutchings1 stof
Churro tdunlap607 jenhae
bootstrap Cross-site Scripting vulnerability Moderate
CVE-2018-20677 was published for bootstrap (RubyGems) Jan 17, 2019
tdunlap607
Bootstrap Cross-site Scripting vulnerability Moderate
CVE-2018-14042 was published for bootstrap (RubyGems) Sep 13, 2018
tdunlap607 1Jesper1
Bootstrap Cross-site Scripting vulnerability Moderate
CVE-2016-10735 was published for bootstrap (RubyGems) Jan 17, 2019
roka-actico
XSS vulnerability that affects bootstrap Moderate
CVE-2018-20676 was published for bootstrap (RubyGems) Jan 17, 2019
tdunlap607
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements Moderate
CVE-2024-38357 was published for TinyMCE (Composer) Jun 19, 2024
Malav-MK
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option Moderate
CVE-2024-38356 was published for TinyMCE (Composer) Jun 19, 2024
Cross-site scripting in bootstrap-select Moderate
CVE-2019-20921 was published for bootstrap-select (npm) May 7, 2021
Bootstrap Cross-site Scripting vulnerability Moderate
CVE-2018-14041 was published for bootstrap (RubyGems) Sep 13, 2018
jenhae
Bootstrap Vulnerable to Cross-Site Scripting Moderate
CVE-2019-8331 was published for Bootstrap.Less (RubyGems) Feb 22, 2019
Umbraco Commerce vulnerable to Stored Cross-site Scripting on Print Functionality Moderate
CVE-2024-35240 was published for Umbraco.Commerce (NuGet) May 28, 2024
RaphaelCSSilva
Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane Moderate
CVE-2024-35218 was published for UmbracoCms.Core (NuGet) May 21, 2024
Duplicate Advisory: jQuery Cross Site Scripting vulnerability Moderate
CVE-2020-23064 was published for jQuery (RubyGems) Jun 26, 2023 withdrawn
eoftedal
Potential XSS vulnerability in jQuery Moderate
CVE-2020-11023 was published for jQuery (RubyGems) Apr 29, 2020
masatokinugawa klaudialax
XSS in jQuery as used in Drupal, Backdrop CMS, and other products Moderate
CVE-2019-11358 was published for django (RubyGems) Apr 26, 2019
klaudialax eoftedal
DOM-XSS on Backoffice login screen. Moderate
CVE-2023-48313 was published for Umbraco.CMS (NuGet) Dec 13, 2023
RaphaelCSSilva
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes Moderate
CVE-2024-29203 was published for TinyMCE (Composer) Mar 26, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements Moderate
CVE-2024-29881 was published for TinyMCE (Composer) Mar 26, 2024
Cross-site Scripting in Serenity Moderate
CVE-2024-26318 was published for @serenity-is/corelib (npm) Feb 19, 2024
Mono ASP.NET View State Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2010-1459 was published for mono (NuGet) May 2, 2022
Cross-site scripting vulnerability in TinyMCE Moderate
CVE-2024-21908 was published for TinyMCE (Composer) Oct 22, 2021
Cross-site scripting vulnerability in TinyMCE plugins Moderate
CVE-2024-21910 was published for TinyMCE (Composer) Nov 2, 2021
ProTip! Advisories are also available from the GraphQL API