GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,029
Maven
5,000+
npm
3,731
NuGet
662
pip
3,408
Pub
12
RubyGems
891
Rust
864
Swift
36
Unreviewed advisories
All unreviewed
5,000+
297 advisories
Filter by severity
Mobile Security Framework (MobSF) Stored Cross-Site Scripting Vulnerability in "Diff or Compare" Functionality
Moderate
CVE-2024-53999
was published
for
mobsf
(pip)
Dec 3, 2024
pyspider Cross-site Scripting vulnerability
Moderate
CVE-2024-39162
was published
for
pyspider
(pip)
Nov 29, 2024
django CMS Attributes Field Cross-site Scripting
Moderate
CVE-2024-11406
was published
for
djangocms-attributes-field
(pip)
Nov 20, 2024
django CMS Cross-Site Scripting (XSS)
Moderate
CVE-2024-11319
was published
for
django-cms
(pip)
Nov 18, 2024
Cross-site Scripting (XSS) - DOM in janeczku/calibre-web
Moderate
CVE-2021-3988
was published
for
calibreweb
(pip)
Nov 15, 2024
OctoPrint Vulnerable to Reflected XSS in Jinja2 Templates
Moderate
CVE-2024-49377
was published
for
OctoPrint
(pip)
Nov 5, 2024
Lollms vulnerable to Cross-site Scripting
Moderate
CVE-2024-6581
was published
for
lollms
(pip)
Oct 29, 2024
Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files
Moderate
CVE-2024-47872
was published
for
gradio
(pip)
Oct 10, 2024
OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`)
Moderate
CVE-2024-43795
was published
for
@openc3/tool-common
(RubyGems)
Oct 2, 2024
Prevent XSS from Confidant API call
Moderate
CVE-2024-45793
was published
for
confidant
(pip)
Sep 20, 2024
Aim Stored XSS through TEXT EXPLORER
Moderate
CVE-2024-8863
was published
for
aim
(pip)
Sep 16, 2024
MindsDB Cross-site Scripting vulnerability
Moderate
CVE-2024-45856
was published
for
mindsdb
(pip)
Sep 12, 2024
D-Tale vulnerable to Remote Code Execution through the Query input on Chart Builder
Moderate
CVE-2024-45595
was published
for
dtale
(pip)
Sep 10, 2024
HTML injection in JupyterLite leading to DOM Clobbering
Moderate
GHSA-gj55-2xf9-67rq
was published
for
jupyterlite-core
(pip)
Sep 6, 2024
Indico has a Cross-Site-Scripting during account creation
Moderate
CVE-2024-45399
was published
for
indico
(pip)
Sep 4, 2024
FastAPI Admin cross-site scripting (XSS) vulnerability in the Create Product function
Moderate
CVE-2024-42816
was published
for
fastapi-admin
(pip)
Aug 26, 2024
FastAPI Admin Cross-site Scripting vulnerability in the Config-Create function
Moderate
CVE-2024-42818
was published
for
fastapi-admin
(pip)
Aug 26, 2024
Apache Airflow Cross-site Scripting Vulnerability
Moderate
CVE-2024-41937
was published
for
apache-airflow
(pip)
Aug 21, 2024
CKAN has Cross-site Scripting vector in the Datatables view plugin
Moderate
CVE-2024-41675
was published
for
ckan
(pip)
Aug 21, 2024
Khoj Vulnerable to Stored Cross-site Scripting In Automate (Preview feature)
Moderate
CVE-2024-43396
was published
for
khoj
(pip)
Aug 20, 2024
Open WebUI Stored Cross-Site Scripting Vulnerability
Moderate
CVE-2024-6706
was published
for
open-webui
(pip)
Aug 8, 2024
Aim Stored Cross-site Scripting Vulnerability
Moderate
CVE-2024-6578
was published
for
aim
(pip)
Jul 29, 2024
Twisted vulnerable to HTML injection in HTTP redirect body
Moderate
CVE-2024-41810
was published
for
twisted
(pip)
Jul 29, 2024
Calibre-Web Cross Site Scripting (XSS)
Moderate
CVE-2024-39123
was published
for
calibreweb
(pip)
Jul 19, 2024
Roundup Cross-site Scripting Vulnerability
Moderate
CVE-2024-39124
was published
for
roundup
(pip)
Jul 17, 2024
ProTip!
Advisories are also available from the
GraphQL API