Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,726
Maven
5,000+
npm
4,331
NuGet
763
pip
4,107
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

240 advisories

Loading
goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross Site Scripting (XSS) via... Critical Unreviewed
CVE-2024-23998 was published Jul 5, 2024
Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting (XSS) via src/electron-main.ts. Critical Unreviewed
CVE-2024-23997 was published Jul 5, 2024
Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated... Critical Unreviewed
CVE-2024-31401 was published Jun 11, 2024
The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted... Critical Unreviewed
CVE-2024-4180 was published Jun 4, 2024
An issue was discovered in linqi before 1.4.0.1 on Windows. There is LDAP injection. Critical Unreviewed
CVE-2024-33868 was published May 14, 2024
SQL Injection vulnerability in School Task Manager v.1.0 allows a remote attacker to obtain... Critical Unreviewed
CVE-2024-26517 was published May 14, 2024
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows... Critical Unreviewed
CVE-2024-32340 was published Apr 17, 2024
Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote... Critical Unreviewed
CVE-2024-3847 was published Apr 17, 2024
A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers... Critical Unreviewed
CVE-2024-31650 was published Apr 15, 2024
Cross Site Scripting (XSS) vulnerability in Form Tools 3.1.1 allows attackers to run arbitrary... Critical Unreviewed
CVE-2024-22718 was published Apr 11, 2024
SiYuan version 3.0.3 allows executing arbitrary commands on the server. This is possible because... Critical Unreviewed
CVE-2024-2692 was published Apr 4, 2024
Cross Site Scripting vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0... Critical Unreviewed
CVE-2024-24275 was published Mar 6, 2024
Cross Site Scripting (XSS) vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4... Critical Unreviewed
CVE-2024-24276 was published Mar 6, 2024
Cross-site scripting (XSS) vulnerability in RenderTune v1.1.4 allows attackers to execute... Critical Unreviewed
CVE-2024-25292 was published Feb 29, 2024
Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a... Critical Unreviewed
CVE-2024-1676 was published Feb 21, 2024
Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based JavaScript injection in the... Critical Unreviewed
CVE-2023-50808 was published Feb 13, 2024
Cross Site Scripting vulnerability in Axigen WebMail v.10.5.7 and before allows a remote attacker... Critical Unreviewed
CVE-2023-48974 was published Feb 8, 2024
A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro... Critical Unreviewed
CVE-2024-24594 was published Feb 6, 2024
A cross-site scripting (xss) vulnerability exists in the functiongetOpenGraph videoName... Critical Unreviewed
CVE-2023-48728 was published Jan 10, 2024
A cross-site scripting (xss) vulnerability exists in the channelBody.php user name functionality... Critical Unreviewed
CVE-2023-47861 was published Jan 10, 2024
Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because... Critical Unreviewed
CVE-2023-50982 was published Jan 8, 2024
Cross Site Scripting (XSS) vulnerability in DedeBIZ v6.0.3 allows attackers to run arbitrary code... Critical Unreviewed
CVE-2023-31546 was published Dec 14, 2023
H2O is vulnerable to stored XSS vulnerability which can lead to a Local File Include attack. Critical Unreviewed
CVE-2023-6013 was published Nov 16, 2023
Cross-site scripting (XSS) vulnerability in Invoice Edit Page in Bitrix24 22.0.300 allows... Critical Unreviewed
CVE-2023-1716 was published Nov 1, 2023
A logic error when using mb_strpos() to check for potential XSS payload in Bitrix24 22.0.300... Critical Unreviewed
CVE-2023-1715 was published Nov 1, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database