GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
161 advisories
Filter by severity
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
Moderate
GHSA-r9cr-qmfw-pmrc
was published
for
camaleon_cms
(RubyGems)
Sep 18, 2024
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin panel with QuillJS WYSWYG editor
Moderate
CVE-2024-39910
was published
for
decidim
(RubyGems)
Sep 16, 2024
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin activity log
Moderate
CVE-2024-32034
was published
for
decidim-admin
(RubyGems)
Sep 16, 2024
Cross Site Scripting vulnerability in Contribsys Sidekiq
Moderate
CVE-2023-46950
was published
for
sidekiq-unique-jobs
(RubyGems)
Mar 1, 2024
Bootstrap Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-6531
was published
for
bootstrap
(RubyGems)
Jul 11, 2024
ActionText ContentAttachment can Contain Unsanitized HTML
Moderate
CVE-2024-32464
was published
for
actiontext
(RubyGems)
Jun 4, 2024
Bootstrap Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-6484
was published
for
bootstrap
(RubyGems)
Jul 11, 2024
Bootstrap vulnerable to Cross-Site Scripting (XSS)
Moderate
CVE-2018-14040
was published
for
bootstrap
(RubyGems)
May 13, 2022
bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-20677
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14042
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2016-10735
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
XSS vulnerability that affects bootstrap
Moderate
CVE-2018-20676
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
Decidim cross-site scripting (XSS) in the pagination
High
CVE-2024-32469
was published
for
decidim
(RubyGems)
Jul 10, 2024
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14041
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
Bootstrap Vulnerable to Cross-Site Scripting
Moderate
CVE-2019-8331
was published
for
Bootstrap.Less
(RubyGems)
Feb 22, 2019
RailsAdmin Cross-site Scripting vulnerability in the list view
Moderate
CVE-2024-39308
was published
for
rails_admin
(RubyGems)
Jul 8, 2024
Decidim cross-site scripting (XSS) in the admin panel
Moderate
CVE-2024-27095
was published
for
decidim-admin
(RubyGems)
Jul 10, 2024
avo vulnerable to Stored XSS (Cross Site Scripting) in html content based fields
High
CVE-2023-34103
was published
for
avo
(RubyGems)
Jun 6, 2023
Rails has possible XSS Vulnerability in Action Controller
Moderate
CVE-2024-26143
was published
for
actionpack
(RubyGems)
Feb 27, 2024
Trix Editor Arbitrary Code Execution Vulnerability
Moderate
CVE-2024-34341
was published
for
actiontext
(RubyGems)
May 7, 2024
Duplicate Advisory: jQuery Cross Site Scripting vulnerability
Moderate
CVE-2020-23064
was published
for
jQuery
(RubyGems)
Jun 26, 2023
•
withdrawn
Potential XSS vulnerability in jQuery
Moderate
CVE-2020-11023
was published
for
jQuery
(RubyGems)
Apr 29, 2020
Phlex vulnerable to Cross-site Scripting (XSS) via maliciously formed HTML attribute names and values
High
CVE-2024-32970
was published
for
phlex
(RubyGems)
May 1, 2024
sidekiq vulnerable to cross-site scripting
High
CVE-2023-1892
was published
for
sidekiq
(RubyGems)
Apr 21, 2023
Sidekiq vulnerable to a Reflected XSS in Queues Web Page
Moderate
CVE-2024-32887
was published
for
sidekiq
(RubyGems)
Apr 26, 2024
ProTip!
Advisories are also available from the
GraphQL API