GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,164
Erlang
30
GitHub Actions
19
Go
1,973
Maven
5,000+
npm
3,695
NuGet
654
pip
3,311
Pub
11
RubyGems
881
Rust
831
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
174 advisories
Filter by severity
A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute...
Critical
Unreviewed
CVE-2024-46538
was published
Oct 22, 2024
The affected product is vulnerable to a cross-site scripting attack which may allow an attacker...
Critical
Unreviewed
CVE-2024-49397
was published
Oct 17, 2024
Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 ...
Critical
Unreviewed
CVE-2024-23786
was published
Oct 17, 2024
Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based JavaScript injection in the...
Critical
Unreviewed
CVE-2023-50808
was published
Feb 13, 2024
A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM 1.3.0 allows remote...
Critical
Unreviewed
CVE-2024-46367
was published
Sep 27, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Critical
Unreviewed
CVE-2024-5959
was published
Sep 18, 2024
An issue was discovered in linqi before 1.4.0.1 on Windows. There is LDAP injection.
Critical
Unreviewed
CVE-2024-33868
was published
May 14, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Critical
Unreviewed
CVE-2024-6877
was published
Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Critical
Unreviewed
CVE-2024-4657
was published
Sep 25, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Critical
Unreviewed
CVE-2024-7785
was published
Sep 19, 2024
A remote code execution (RCE) vulnerability via crafted extension description/changelog could be...
Critical
Unreviewed
CVE-2024-8695
was published
Sep 12, 2024
A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a...
Critical
Unreviewed
CVE-2024-42009
was published
Aug 5, 2024
A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7...
Critical
Unreviewed
CVE-2024-42008
was published
Aug 5, 2024
A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows...
Critical
Unreviewed
CVE-2024-45265
was published
Aug 26, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Critical
Unreviewed
CVE-2023-6452
was published
Aug 22, 2024
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows...
Critical
Unreviewed
CVE-2024-32340
was published
Apr 17, 2024
Azure Stack Hub Spoofing Vulnerability
Critical
Unreviewed
CVE-2024-38108
was published
Aug 13, 2024
An Unrestricted file upload vulnerability was found in "/Membership/edit_member.php" of Kashipara...
Critical
Unreviewed
CVE-2024-40482
was published
Aug 12, 2024
An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a...
Critical
Unreviewed
CVE-2024-28739
was published
Aug 6, 2024
Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to...
Critical
Unreviewed
CVE-2024-28740
was published
Aug 6, 2024
AMTT Hotel Broadband Operation System (HiBOS) V3.0.3.151204 and before is vulnerable to SQL...
Critical
Unreviewed
CVE-2024-41476
was published
Aug 12, 2024
Long pressing on a download link could potentially allow Javascript commands to be executed...
Critical
Unreviewed
CVE-2024-43111
was published
Aug 6, 2024
Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to...
Critical
Unreviewed
CVE-2024-40618
was published
Jul 11, 2024
A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version...
Critical
Unreviewed
CVE-2024-6035
was published
Jul 11, 2024
Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting (XSS) via src/electron-main.ts.
Critical
Unreviewed
CVE-2024-23997
was published
Jul 5, 2024
ProTip!
Advisories are also available from the
GraphQL API