Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,263
Erlang
31
GitHub Actions
21
Go
2,033
Maven
5,000+
npm
3,732
NuGet
662
pip
3,411
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

184 advisories

Loading
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting ... Critical Unreviewed
CVE-2024-54032 was published Dec 10, 2024
whapa v1.59 is vulnerable to Command Injection via a crafted filename to the HTML reports component. Critical Unreviewed
CVE-2024-53442 was published Dec 5, 2024
Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to... Critical Unreviewed
CVE-2024-6516 was published Dec 5, 2024
Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot... Critical Unreviewed
CVE-2024-49038 was published Nov 26, 2024
An arbitrary file upload vulnerability in the component /main/fileupload.php of AVSCMS v8.2.0... Critical Unreviewed
CVE-2024-51053 was published Nov 18, 2024
A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service... Critical Unreviewed
CVE-2023-43091 was published Nov 17, 2024
XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in... Critical Unreviewed
CVE-2024-10217 was published Nov 12, 2024
The Registrations for the Events Calendar WordPress plugin before 2.12.4 does not sanitise and... Critical Unreviewed
CVE-2024-7982 was published Nov 8, 2024
A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute... Critical Unreviewed
CVE-2024-46538 was published Oct 22, 2024
The affected product is vulnerable to a cross-site scripting attack which may allow an attacker... Critical Unreviewed
CVE-2024-49397 was published Oct 17, 2024
Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 ... Critical Unreviewed
CVE-2024-23786 was published Oct 17, 2024
A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM 1.3.0 allows remote... Critical Unreviewed
CVE-2024-46367 was published Sep 27, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Critical Unreviewed
CVE-2024-4657 was published Sep 25, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Critical Unreviewed
CVE-2024-7785 was published Sep 19, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Critical Unreviewed
CVE-2024-5959 was published Sep 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Critical Unreviewed
CVE-2024-6877 was published Sep 18, 2024
A remote code execution (RCE) vulnerability via crafted extension description/changelog could be... Critical Unreviewed
CVE-2024-8695 was published Sep 12, 2024
A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows... Critical Unreviewed
CVE-2024-45265 was published Aug 26, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Critical Unreviewed
CVE-2023-6452 was published Aug 22, 2024
Azure Stack Hub Spoofing Vulnerability Critical Unreviewed
CVE-2024-38108 was published Aug 13, 2024
An Unrestricted file upload vulnerability was found in "/Membership/edit_member.php" of Kashipara... Critical Unreviewed
CVE-2024-40482 was published Aug 12, 2024
AMTT Hotel Broadband Operation System (HiBOS) V3.0.3.151204 and before is vulnerable to SQL... Critical Unreviewed
CVE-2024-41476 was published Aug 12, 2024
An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a... Critical Unreviewed
CVE-2024-28739 was published Aug 6, 2024
Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to... Critical Unreviewed
CVE-2024-28740 was published Aug 6, 2024
Long pressing on a download link could potentially allow Javascript commands to be executed... Critical Unreviewed
CVE-2024-43111 was published Aug 6, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database