Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+

424 advisories

Loading
Jenkins Simple Queue Plugin has stored cross-site scripting (XSS) vulnerability High
CVE-2024-54003 was published for io.jenkins.plugins:simple-queue (Maven) Nov 27, 2024
HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through High
CVE-2024-52595 was published for lxml-html-clean (pip) Nov 19, 2024
JorianWoltjer frenzymadness
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php High
CVE-2024-52526 was published for librenms/librenms (Composer) Nov 15, 2024
RaphaelCSS
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php High
CVE-2024-51497 was published for librenms/librenms (Composer) Nov 15, 2024
RaphaelCSS
LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/html/pages/wireless.inc.php High
CVE-2024-51496 was published for librenms/librenms (Composer) Nov 15, 2024
RaphaelCSS
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/dev-overview-data.inc.php High
CVE-2024-51495 was published for librenms/librenms (Composer) Nov 15, 2024
RaphaelCSS
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php High
CVE-2024-51494 was published for librenms/librenms (Composer) Nov 15, 2024
RaphaelCSS
LibreNMS has a Persistent XSS from Insecure Input Sanitization Affects Multiple Endpoints High
CVE-2024-50355 was published for librenms/librenms (Composer) Nov 15, 2024
minhnq1618
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/overview/services.inc.php High
CVE-2024-50352 was published for librenms/librenms (Composer) Nov 15, 2024
RaphaelCSS
LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/functions.php High
CVE-2024-50351 was published for librenms/librenms (Composer) Nov 15, 2024
RaphaelCSS
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php High
CVE-2024-50350 was published for librenms/librenms (Composer) Nov 15, 2024
RaphaelCSS
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/capture.inc.php High
CVE-2024-49764 was published for librenms/librenms (Composer) Nov 15, 2024
RaphaelCSS
Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/edituser.inc.php High
CVE-2024-49759 was published for librenms/librenms (Composer) Nov 15, 2024
RaphaelCSS
LibreNMS has a stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/api-access.inc.php High
CVE-2024-49754 was published for librenms/librenms (Composer) Nov 15, 2024
RaphaelCSS
Stored XSS vulnerability in Jenkins Authorize Project Plugin High
CVE-2024-52552 was published for org.jenkins-ci.plugins:authorize-project (Maven) Nov 13, 2024
Cross Site Scripting vulnerability in Snipe-IT High
CVE-2024-51093 was published for snipe/snipe-it (Composer) Nov 12, 2024
powertac-server XML External Entity vulnerability High
CVE-2024-51135 was published for org.powertac:server-interface (Maven) Nov 11, 2024
OpenRefine has a reflected cross-site scripting vulnerability (XSS) from POST request in ExportRowsCommand High
CVE-2024-47880 was published for org.openrefine:openrefine (Maven) Oct 24, 2024
OpenRefine has a reflected cross-site scripting vulnerability (XSS) in GData extension (authorized.vt) High
CVE-2024-47878 was published for org.openrefine:extensions (Maven) Oct 24, 2024
DOMpurify has a nesting-based mXSS High
CVE-2024-47875 was published for dompurify (npm) Oct 11, 2024
bastien-roucaries eslerm
LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name High
CVE-2024-47524 was published for librenms/librenms (Composer) Oct 1, 2024
minhnq1618
Decidim has a cross-site scripting vulnerability in the version control page High
CVE-2024-41673 was published for decidim (RubyGems) Oct 1, 2024
DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS High
CVE-2024-47068 was published for rollup (npm) Sep 23, 2024
jackfromeast ishmeals
Plate allows arbitrary DOM attributes in element.attributes and leaf.attributes High
CVE-2024-47061 was published for @udecode/plate-core (npm) Sep 20, 2024
HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering High
CVE-2024-43805 was published for jupyterlab (pip) Aug 29, 2024
jackfromeast ishmeals
RRosio krassowski
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database