GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,662
Maven: 5,000+
npm: 4,289
NuGet: 760
pip: 4,069
Pub: 12
RubyGems: 957
Rust: 1,057
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
33,339 advisories
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. Through the help...
Moderate. Unreviewed. CVE-2023-45206 was published Feb 13, 2024
The Starbox WordPress plugin before 3.5.3 does not properly render social media profiles URLs in...
Moderate. Unreviewed. CVE-2024-8239 was published Sep 30, 2024
The Slider by 10Web WordPress plugin before 1.2.59 does not sanitise and escape some of its...
Moderate. Unreviewed. CVE-2024-8283 was published Sep 30, 2024
The Gutentor WordPress plugin before 3.3.6 does not validate and escape some of its block...
Moderate. Unreviewed. CVE-2024-5417 was published Aug 29, 2024
The Sign-up Sheets WordPress plugin before 2.2.13 does not escape some generated URLs, as well as...
Moderate. Unreviewed. CVE-2024-6020 was published Sep 4, 2024
The Chatbot Support AI: Free ChatGPT Chatbot, Woocommerce Chatbot WordPress plugin through 1.0.2...
Moderate. Unreviewed. CVE-2024-6722 was published Sep 4, 2024
The Secure Copy Content Protection and Content Locking WordPress plugin before 4.1.7 does not...
Moderate. Unreviewed. CVE-2024-6888 was published Sep 4, 2024
The Page Builder Gutenberg Blocks WordPress plugin before 3.1.13 does not escape the content of...
Moderate. Unreviewed. CVE-2024-7132 was published Aug 29, 2024
OTF-001: Improper Input Sanitation: The path parameter of the requested URL is not sanitized before being passed to the QT frontend
Moderate. CVE-2022-21690 was published for onionshare-cli (pip) Jan 21, 2022
A cross-site scripting (XSS) vulnerability in Flatpress v1.3 allows attackers to execute...
Moderate. Unreviewed. CVE-2024-25412 was published Sep 27, 2024
A cross-site scripting (XSS) vulnerability in the component /test/ of iq3xcite v2.31 to v3.05...
Moderate. Unreviewed. CVE-2024-46453 was published Sep 27, 2024
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site...
Moderate. Unreviewed. CVE-2024-45153 was published Oct 7, 2024
Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of...
Moderate. Unreviewed. CVE-2024-9571 was published Oct 7, 2024
Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of...
Moderate. Unreviewed. CVE-2024-9572 was published Oct 7, 2024
The Secure Copy Content Protection and Content Locking WordPress plugin before 4.1.7 does not...
Moderate. Unreviewed. CVE-2024-6889 was published Sep 4, 2024
Saltcorn Server Stored Cross-Site Scripting (XSS) in event logs page
Moderate. GHSA-pf56-h9qf-rxq4 was published for @saltcorn/server (npm) Oct 7, 2024
malicious SVG attachment causing stored XSS vulnerability
Moderate. CVE-2020-15275 was published for moin (pip) Nov 11, 2020
Mediawiki Cargo extension vulnerable to Cross-site Scripting
Moderate. CVE-2024-47847 was published for mediawiki/cargo (Composer) Oct 5, 2024
Cross-site scripting in Jupyter Notebook
Moderate. CVE-2018-21030 was published for notebook (pip) Nov 8, 2019
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate. Unreviewed. CVE-2024-44022 was published Oct 6, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate. Unreviewed. CVE-2024-44032 was published Oct 6, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate. Unreviewed. CVE-2024-47650 was published Oct 6, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate. Unreviewed. CVE-2024-44010 was published Oct 6, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate. Unreviewed. CVE-2024-44024 was published Oct 6, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate. Unreviewed. CVE-2024-44025 was published Oct 6, 2024
ProTip! Advisories are also available from the GraphQL API.