GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,262
Erlang: 31
GitHub Actions: 21
Go: 2,024
Maven: 5,000+
npm: 3,731
NuGet: 662
pip: 3,407
Pub: 12
RubyGems: 891
Rust: 864
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
114 advisories
happy-dom allows for server side code to be executed by a <script> tag
Critical | CVE-2024-51757 was published for happy-dom (npm) | Nov 6, 2024
Osmedeus Web Server Vulnerable to Stored XSS, Leading to RCE
Critical | CVE-2024-51735 was published for github.com/j3ssie/osmedeus (Go) | Nov 5, 2024
Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting
Critical | CVE-2024-47186 was published for filament/infolists (Composer) | Sep 27, 2024
XWiki Platform allows XSS through XClass name in string properties
Critical | CVE-2024-43400 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) | Aug 19, 2024
Gitea Cross-site Scripting Vulnerability
Critical | CVE-2024-6886 was published for code.gitea.io/gitea (Go) | Aug 6, 2024
NextChat has full-read SSRF and XSS vulnerability in /api/cors endpoint
Critical | CVE-2023-49785 was published for nextchat (npm) | Aug 5, 2024
XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution
Critical | CVE-2024-41947 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) | Jul 31, 2024
Jupyter Server Proxy has a reflected XSS issue in host parameter
Critical | CVE-2024-35225 was published for jupyter-server-proxy (pip) | Jun 11, 2024
VuFind Server-Side Request Forgery (SSRF) vulnerability
Critical | CVE-2024-25737 was published for vufind/vufind (Composer) | May 22, 2024
Mautic is vulnerable to XSS vulnerability
Critical | CVE-2020-35125 was published for mautic/core (Composer) | May 15, 2024
PrestaShop cross-site scripting via customer contact form in FO, through file upload
Critical | CVE-2024-34716 was published for prestashop/prestashop (Composer) | May 14, 2024
Blind XSS Leading to Froxlor Application Compromise
Critical | CVE-2024-34070 was published for froxlor/froxlor (Composer) | May 10, 2024
Cross-site scripting on application summary component
Critical | CVE-2024-28175 was published for github.com/argoproj/argo-cd (Go) | Mar 15, 2024
Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting
Critical | CVE-2023-47795 was published for com.liferay.portal:release.dxp.bom (Maven) | Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting
Critical | CVE-2024-26266 was published for com.liferay.portal:release.dxp.bom (Maven) | Feb 21, 2024
Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting
Critical | CVE-2024-26269 was published for com.liferay.portal:release.dxp.bom (Maven) | Feb 21, 2024
Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting
Critical | CVE-2024-25603 was published for com.liferay.portal:release.dxp.bom (Maven) | Feb 21, 2024
Liferay Portal Message Board widget and Liferay DXP vulnerable to stored Cross-site Scripting
Critical | CVE-2024-25152 was published for com.liferay.portal:release.dxp.bom (Maven) | Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
Critical | CVE-2023-42496 was published for com.liferay.portal:release.dxp.bom (Maven) | Feb 21, 2024
Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting
Critical | CVE-2023-42498 was published for com.liferay.portal:release.dxp.bom (Maven) | Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting
Critical | CVE-2024-25147 was published for com.liferay.portal:release.dxp.bom (Maven) | Feb 21, 2024
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
Critical | CVE-2023-40191 was published for com.liferay.portal:release.dxp.bom (Maven) | Feb 21, 2024
Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site Scripting
Critical | CVE-2024-25601 was published for com.liferay.portal:release.dxp.bom (Maven) | Feb 21, 2024
Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site Scripting
Critical | CVE-2024-25602 was published for com.liferay.portal:release.dxp.bom (Maven) | Feb 21, 2024
Liferay Portal stored cross-site scripting (XSS) vulnerability
Critical | CVE-2024-25145 was published for com.liferay.portal:release.dxp.bom (Maven) | Feb 7, 2024
ProTip! Advisories are also available from the GraphQL API