Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,015
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+

151 advisories

Loading
rails-html-sanitizer has XSS vulnerability with certain configurations Low
CVE-2024-53989 was published for rails-html-sanitizer (RubyGems) Dec 2, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations Low
CVE-2024-53987 was published for rails-html-sanitizer (RubyGems) Dec 2, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations Low
CVE-2024-53988 was published for rails-html-sanitizer (RubyGems) Dec 2, 2024
rails-html-sanitizer has XSS vulnerability with certain configurations Low
CVE-2024-53986 was published for rails-html-sanitizer (RubyGems) Dec 2, 2024
rails-html-sanitize has XSS vulnerability with certain configurations Low
CVE-2024-53985 was published for rails-html-sanitizer (RubyGems) Dec 2, 2024
deno_doc's HTML generator vulnerable to Cross-site Scripting Low
CVE-2024-32468 was published for deno_doc (Rust) Nov 25, 2024
NeKzor
@sveltejs/kit vulnerable to on dev mode 404 page Low
CVE-2024-53261 was published for @sveltejs/kit (npm) Nov 25, 2024
benmccann eltigerchino
@sveltejs/kit has unescaped error message included on error page Low
CVE-2024-53262 was published for @sveltejs/kit (npm) Nov 25, 2024
dominikg eltigerchino
benmccann
Moodle Cross-site Scripting vulnerability Low
CVE-2024-43437 was published for moodle/moodle (Composer) Nov 11, 2024
LocalAI Cross-site Scripting vulnerability Low
CVE-2024-48057 was published for github.com/mudler/LocalAI (Go) Nov 5, 2024
Umbraco CMS Cross-site Scripting vulnerability Low
CVE-2024-10761 was published for Umbraco.Cms.Core (NuGet) Nov 4, 2024
Funadmin Cross-site Scripting vulnerability Low
CVE-2024-48228 was published for funadmin/funadmin (Composer) Oct 26, 2024
Admidio Vulnerable to HTML Injection In The Messages Section Low
CVE-2024-47836 was published for admidio/admidio (Composer) Oct 16, 2024
Kakashi1234
Contao allows admin an account to upload SVG file containing malicious JavaScript Low
CVE-2024-45965 was published for contao/contao (Composer) Oct 2, 2024
October allows an admin account to upload PDF containing malicious JavaScript Low
CVE-2024-45962 was published for october/october (Composer) Oct 2, 2024
Zenario Cross Site Scripting in the Image library Low
CVE-2024-45964 was published for tribalsystems/zenario (Composer) Oct 2, 2024
Zenario allows authenticated admin users to upload PDF files containing malicious code Low
CVE-2024-45960 was published for tribalsystems/zenario (Composer) Oct 2, 2024
LibreNMS vulnerable to Stored Cross-site Scripting via File Upload Low
CVE-2024-47528 was published for librenms/librenms (Composer) Oct 1, 2024
minhnq1618
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Templates" feature Low
CVE-2024-47526 was published for librenms/librenms (Composer) Oct 1, 2024
RaphaelCSS RaphaelCSSilva
ReLaXed Cross-site Scripting vulnerability Low
CVE-2024-9283 was published for relaxedjs (npm) Sep 27, 2024
m3t3kh4n
Cross site scripting in Concrete CMS Low
CVE-2024-7398 was published for concrete5/concrete5 (Composer) Sep 25, 2024
Cross site scripting in Concrete CMS Low
CVE-2024-8291 was published for concrete5/concrete5 (Composer) Sep 25, 2024
send vulnerable to template injection that can lead to XSS Low
CVE-2024-43799 was published for send (npm) Sep 10, 2024
AdamKorcz UlisesGascon
ctcpip wesleytodd
serve-static vulnerable to template injection that can lead to XSS Low
CVE-2024-43800 was published for serve-static (npm) Sep 10, 2024
AdamKorcz UlisesGascon
ctcpip wesleytodd
express vulnerable to XSS via response.redirect() Low
CVE-2024-43796 was published for express (npm) Sep 10, 2024
AdamKorcz UlisesGascon
ctcpip wesleytodd
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database