GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
113 advisories
gettext.js has a Cross-site Scripting injection
High
CVE-2024-43370
was published
for
gettext.js
(npm)
Aug 15, 2024
ghtml Cross-Site Scripting (XSS) vulnerability
High
CVE-2024-37166
was published
for
ghtml
(npm)
Jun 10, 2024
NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue
High
CVE-2023-49781
was published
for
nocodb
(npm)
May 13, 2024
react-pdf vulnerable to arbitrary JavaScript execution upon opening a malicious PDF with PDF.js
High
CVE-2024-34342
was published
for
react-pdf
(npm)
May 7, 2024
react-query-streamed-hydration Cross-site Scripting vulnerability
High
CVE-2024-24558
was published
for
@tanstack/react-query-next-experimental
(npm)
Jan 30, 2024
HTML comments vulnerability allowing to execute JavaScript code
High
CVE-2021-41165
was published
for
ckeditor/ckeditor
(Composer)
Nov 17, 2021
Cross-Site Scripting in highcharts
High
GHSA-gr4j-r575-g665
was published
for
highcharts
(npm)
Aug 25, 2020
@udecode/plate-link does not sanitize URLs to prevent use of the `javascript:` scheme
High
CVE-2023-34245
was published
for
@udecode/plate-link
(npm)
Jun 9, 2023
Cross-Site Scripting in swagger-ui
High
CVE-2016-1000233
was published
for
swagger-ui
(npm)
Sep 1, 2020
Cross-Site Scripting in bootstrap-vue
High
GHSA-c7pp-x73h-4m2v
was published
for
bootstrap-vue
(npm)
Sep 2, 2020
Cross-Site Scripting in @toast-ui/editor
High
GHSA-cr56-66mx-293v
was published
for
@toast-ui/editor
(npm)
Sep 3, 2020
ProTip!
Advisories are also available from the
GraphQL API