Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,164
Erlang
30
GitHub Actions
19
Go
1,973
Maven
5,000+
npm
3,695
NuGet
654
pip
3,312
Pub
11
RubyGems
881
Rust
831
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

174 advisories

Loading
A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute... Critical Unreviewed
CVE-2024-46538 was published Oct 22, 2024
The affected product is vulnerable to a cross-site scripting attack which may allow an attacker... Critical Unreviewed
CVE-2024-49397 was published Oct 17, 2024
Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 ... Critical Unreviewed
CVE-2024-23786 was published Oct 17, 2024
Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based JavaScript injection in the... Critical Unreviewed
CVE-2023-50808 was published Feb 13, 2024
A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM 1.3.0 allows remote... Critical Unreviewed
CVE-2024-46367 was published Sep 27, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Critical Unreviewed
CVE-2024-5959 was published Sep 18, 2024
An issue was discovered in linqi before 1.4.0.1 on Windows. There is LDAP injection. Critical Unreviewed
CVE-2024-33868 was published May 14, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Critical Unreviewed
CVE-2024-6877 was published Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Critical Unreviewed
CVE-2024-4657 was published Sep 25, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Critical Unreviewed
CVE-2024-7785 was published Sep 19, 2024
A remote code execution (RCE) vulnerability via crafted extension description/changelog could be... Critical Unreviewed
CVE-2024-8695 was published Sep 12, 2024
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a... Critical Unreviewed
CVE-2024-42009 was published Aug 5, 2024
A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7... Critical Unreviewed
CVE-2024-42008 was published Aug 5, 2024
A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows... Critical Unreviewed
CVE-2024-45265 was published Aug 26, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Critical Unreviewed
CVE-2023-6452 was published Aug 22, 2024
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows... Critical Unreviewed
CVE-2024-32340 was published Apr 17, 2024
Azure Stack Hub Spoofing Vulnerability Critical Unreviewed
CVE-2024-38108 was published Aug 13, 2024
An Unrestricted file upload vulnerability was found in "/Membership/edit_member.php" of Kashipara... Critical Unreviewed
CVE-2024-40482 was published Aug 12, 2024
An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a... Critical Unreviewed
CVE-2024-28739 was published Aug 6, 2024
Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to... Critical Unreviewed
CVE-2024-28740 was published Aug 6, 2024
AMTT Hotel Broadband Operation System (HiBOS) V3.0.3.151204 and before is vulnerable to SQL... Critical Unreviewed
CVE-2024-41476 was published Aug 12, 2024
Long pressing on a download link could potentially allow Javascript commands to be executed... Critical Unreviewed
CVE-2024-43111 was published Aug 6, 2024
Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to... Critical Unreviewed
CVE-2024-40618 was published Jul 11, 2024
A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version... Critical Unreviewed
CVE-2024-6035 was published Jul 11, 2024
Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting (XSS) via src/electron-main.ts. Critical Unreviewed
CVE-2024-23997 was published Jul 5, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database