Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,263
Erlang
31
GitHub Actions
21
Go
2,033
Maven
5,000+
npm
3,732
NuGet
662
pip
3,411
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

1,209 advisories

Loading
The dynamic-widgets plugin before 1.5.11 for WordPress has XSS via the wp-admin/admin-ajax.php... Low Unreviewed
CVE-2015-9436 was published May 24, 2022
Cross Site Scripting vulnerability in Gibbon before v.27.0.01 and fixed in v.28.0.00 allows a... Low Unreviewed
CVE-2024-51337 was published Nov 21, 2024
A Cross-Site Scripting (XSS) vulnerability in phpipam/phpipam versions prior to 1.4.7 allows... Low Unreviewed
CVE-2022-1226 was published Nov 15, 2024
IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a... Low Unreviewed
CVE-2024-45099 was published Nov 14, 2024
An administrative user of WebReports may perform a Cross Site Scripting (XSS) and/or Man in the... Low Unreviewed
CVE-2023-45706 was published Mar 28, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2024-5532 was published Oct 28, 2024
There is an XSS vulnerability in some HikCentral Master Lite versions. If exploited, an attacker... Low Unreviewed
CVE-2024-47486 was published Oct 18, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2024-43686 was published Oct 4, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2024-43687 was published Oct 4, 2024
In JetBrains TeamCity before 2024.07.3 stored XSS was possible in Backup configuration settings Low Unreviewed
CVE-2024-47950 was published Oct 8, 2024
In JetBrains TeamCity before 2024.07.3 stored XSS was possible via server global settings Low Unreviewed
CVE-2024-47951 was published Oct 8, 2024
A vulnerability was found in Stirling-Tools Stirling-PDF up to 0.28.3. It has been declared as... Low Unreviewed
CVE-2024-9075 was published Sep 22, 2024
In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible Low Unreviewed
CVE-2024-46970 was published Sep 16, 2024
A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk. If exploited,... Low Unreviewed
CVE-2024-27125 was published Sep 6, 2024
Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject... Low Unreviewed
CVE-2024-38858 was published Sep 2, 2024
A cross-site scripting (XSS) vulnerability in the component admin_datarelate.php of SeaCMS v12.9... Low Unreviewed
CVE-2024-44918 was published Aug 30, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2022-26328 was published Aug 21, 2024
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page Low Unreviewed
CVE-2024-43809 was published Aug 16, 2024
In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin Low Unreviewed
CVE-2024-43808 was published Aug 16, 2024
Stored XSS vulnerability has been discovered in OpenText™ Filr product, affecting versions 24.1.1... Low Unreviewed
CVE-2024-4187 was published Jul 31, 2024
The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made... Low Unreviewed
CVE-2024-6692 was published Aug 12, 2024
In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page Low Unreviewed
CVE-2024-41826 was published Jul 22, 2024
Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and OpManager Enterprise Edition... Low Unreviewed
CVE-2024-38870 was published Jul 17, 2024
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow... Low Unreviewed
CVE-2013-5223 was published May 17, 2022
A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor.... Low Unreviewed
CVE-2024-22477 was published Jul 10, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database