GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,952
Erlang: 39
GitHub Actions: 38
Go: 2,609
Maven: 5,000+
npm: 4,252
NuGet: 757
pip: 4,023
Pub: 12
RubyGems: 953
Rust: 1,049
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
33,034 advisories
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate, Unreviewed. CVE-2024-44059 was published Sep 16, 2024

A Stored Cross Site Scripting (XSS) vulnerability was found in "/admin/afeedback.php" in...
Moderate, Unreviewed. CVE-2024-40478 was published Aug 12, 2024

Deluge Web-UI vulnerable to XSS through a crafted torrent file
Moderate. CVE-2021-3427 was published for deluge (pip) Aug 27, 2022

Dash apps vulnerable to Cross-site Scripting
Moderate. CVE-2024-21485 was published for dash (npm) Feb 2, 2024

phpgurukul Bus Pass Management System 1.0 is vulnerable to Cross-site scripting (XSS) in /admin...
Moderate, Unreviewed. CVE-2024-44798 was published Sep 13, 2024

SquaredUp DS for SCOM 6.2.1.11104 allows XSS.
Moderate, Unreviewed. CVE-2024-45180 was published Sep 3, 2024

Cross-site scripting vulnerability exists in Advanced Custom Fields versions 6.3.5 and earlier...
Moderate, Unreviewed. CVE-2024-45429 was published Sep 5, 2024

A vulnerability classified as problematic has been found in OpenTibiaBR MyAAC up to 0.8.16....
Moderate, Unreviewed. CVE-2024-8783 was published Sep 13, 2024

Reflected Cross-Site Scripting (XSS) in Shift Logbook application of B&R APROL <= R 4.4-00P3 may...
Moderate, Unreviewed. CVE-2024-5624 was published Aug 29, 2024

collective.task Cross-site Scripting vulnerability
Moderate. CVE-2022-4527 was published for collective.task (pip) Dec 15, 2022

Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage.
Moderate, Unreviewed. CVE-2024-6702 was published Sep 12, 2024

The Eaton Foreseer software provides users the capability to customize the dashboard in WebView...
Moderate, Unreviewed. CVE-2024-31414 was published Sep 13, 2024

The Music Request Manager WordPress plugin through 1.3 does not escape the $_SERVER['REQUEST_URI'...
Moderate, Unreviewed. CVE-2024-6018 was published Sep 12, 2024

The Music Request Manager WordPress plugin through 1.3 does not sanitise and escape incoming...
Moderate, Unreviewed. CVE-2024-6019 was published Sep 12, 2024

Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to...
Moderate, Unreviewed. CVE-2023-46951 was published Mar 1, 2024

Buildbot vulnerable to cross-site scripting
Moderate. CVE-2009-2967 was published for buildbot (pip) May 2, 2022

The Delicate theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link'...
Moderate, Unreviewed. CVE-2024-5867 was published Sep 13, 2024

The WordPress Affiliates Plugin — SliceWP Affiliates plugin for WordPress is vulnerable to...
Moderate, Unreviewed. CVE-2024-8714 was published Sep 13, 2024

The Neighborly theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’...
Moderate, Unreviewed. CVE-2024-5869 was published Sep 13, 2024

The Exit Notifier plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the...
Moderate, Unreviewed. CVE-2024-8730 was published Sep 13, 2024

The Roles & Capabilities plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due...
Moderate, Unreviewed. CVE-2024-8732 was published Sep 13, 2024

The Cron Jobs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use...
Moderate, Unreviewed. CVE-2024-8731 was published Sep 13, 2024

The PDF Thumbnail Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting...
Moderate, Unreviewed. CVE-2024-8737 was published Sep 13, 2024

The Lucas String Replace plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due...
Moderate, Unreviewed. CVE-2024-8734 was published Sep 13, 2024
ProTip! Advisories are also available from the GraphQL API