Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,737
Maven
5,000+
npm
4,337
NuGet
764
pip
4,112
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

249 advisories

Loading
A vulnerability in the VPN web client services feature of Cisco Adaptive Security Appliance (ASA)... Moderate Unreviewed
CVE-2024-20341 was published Oct 23, 2024
Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section Moderate
CVE-2024-47819 was published for @umbraco-cms/backoffice (npm) Oct 22, 2024
DuongPhamm
Credited to DuongPhamm
A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone... Moderate Unreviewed
CVE-2024-20460 was published Oct 16, 2024
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IQ... Moderate Unreviewed
CVE-2024-47139 was published Oct 16, 2024
Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS Moderate
CVE-2024-47765 was published for dev-lancer/minecraft-motd-parser (Composer) Oct 4, 2024
Krymonota jgniecki
Credited to Krymonota and jgniecki
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that... Moderate Unreviewed
CVE-2024-38039 was published Oct 4, 2024
starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field Moderate
CVE-2024-47536 was published for starcitizentools/citizen-skin (Composer) Sep 30, 2024
BlankEclair
Credited to BlankEclair
The Store Hours for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site... Moderate Unreviewed
CVE-2024-8872 was published Sep 26, 2024
The MC4WP: Mailchimp for WordPress plugin for WordPress is vulnerable to Stored Cross-Site... Moderate Unreviewed
CVE-2024-8680 was published Sep 21, 2024
Craft CMS vulnerable to stored XSS in breadcrumb list and title fields Moderate
CVE-2024-45406 was published for craftcms/cms (Composer) Sep 9, 2024
amame04
Credited to amame04
XSS in the view page with the SLA column configured in Checkmk versions prior to 2.3.0p14, 2.2... Moderate Unreviewed
CVE-2024-38859 was published Aug 26, 2024
A vulnerability, which was classified as problematic, has been found in ClassCMS 4.8. Affected by... Moderate Unreviewed
CVE-2024-8145 was published Aug 25, 2024
The Responsive video plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the... Moderate Unreviewed
CVE-2024-7629 was published Aug 21, 2024
Priority - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) Moderate Unreviewed
CVE-2024-41697 was published Aug 20, 2024
Mashov - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) Moderate Unreviewed
CVE-2024-41693 was published Jul 30, 2024
IBM Security QRadar EDR 3.12 is vulnerable to HTML injection. A remote attacker could inject... Moderate Unreviewed
CVE-2023-35006 was published Jul 10, 2024
Cross Site Scripting vulnerability in Eskooly Web Product v.3.0 and before allows a remote... Moderate Unreviewed
CVE-2024-27716 was published Jul 5, 2024
VMware Cloud Director Availability contains an HTML injection vulnerability. A malicious actor... Moderate Unreviewed
CVE-2024-22277 was published Jul 4, 2024
Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users... Moderate Unreviewed
CVE-2024-6052 was published Jul 3, 2024
Cross-site Scripting in ZenUML Moderate
CVE-2024-38527 was published for @zenuml/core (npm) Jun 26, 2024
Yash-Singh1
Credited to Yash-Singh1
Stored XSS in the Crash Report page in Checkmk before versions 2.3.0p7, 2.2.0p28, 2.1.0p45, and 2... Moderate Unreviewed
CVE-2024-28832 was published Jun 25, 2024
Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3.0p7 and 2.2.0p28 allows... Moderate Unreviewed
CVE-2024-28831 was published Jun 25, 2024
Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute... Moderate Unreviewed
CVE-2024-37732 was published Jun 24, 2024
A vulnerability, which was classified as problematic, was found in playSMS 1.4.3. Affected is an... Moderate Unreviewed
CVE-2024-6251 was published Jun 22, 2024
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2022-38055 was published Jun 21, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database