Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+

68 advisories

Loading
Koji Cross-site Scripting Moderate
CVE-2024-9427 was published for koji (pip) Dec 24, 2024
XWiki Platform has an SQL injection in getdocuments.vm with sort parameter High
CVE-2024-55663 was published for org.xwiki.platform:xwiki-platform-distribution-war (Maven) Dec 12, 2024
Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability Moderate
CVE-2024-10006 was published for github.com/hashicorp/consul (Go) Oct 31, 2024
LibreNMS vulnerable to Stored Cross-site Scripting via File Upload Low
CVE-2024-47528 was published for librenms/librenms (Composer) Oct 1, 2024
minhnq1618
Apache Airflow vulnerable to Improper Encoding or Escaping of Output High
CVE-2024-45498 was published for apache-airflow (pip) Sep 7, 2024
exolightor
Jupyter Server Proxy has a reflected XSS issue in host parameter Critical
CVE-2024-35225 was published for jupyter-server-proxy (pip) Jun 11, 2024
dlqqq
Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability Low
CVE-2024-34715 was published for ethyca-fides (pip) May 29, 2024
tariqajyusuf pattisdr
TYPO3 vulnerable to an HTML Injection in the History Module Low
CVE-2024-34355 was published for typo3/cms-core (Composer) May 14, 2024
andreaskienast bnf
Improper escaping in Apache Zeppelin Critical
CVE-2024-31866 was published for org.apache.zeppelin:zeppelin-interpreter (Maven) Apr 9, 2024
raboof
Apache Zeppelin vulnerable to cross-site scripting in the helium module Moderate
CVE-2024-31868 was published for org.apache.zeppelin:zeppelin-interpreter (Maven) Apr 9, 2024
oscerd
KaTeX's `\includegraphics` does not escape filename Moderate
CVE-2024-28245 was published for katex (npm) Mar 25, 2024
martinvks edemaine
jupenur
Ansible-core information disclosure flaw Moderate
CVE-2024-0690 was published for ansible-core (pip) Feb 6, 2024
Django Template Engine Vulnerable to XSS Critical
CVE-2024-22199 was published for github.com/gofiber/template/django/v3 (Go) Jan 11, 2024
bastianwegge sixcolors
gaby ReneWerner87 efectn
Mattermost password hash disclosure vulnerability Moderate
CVE-2023-5968 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 6, 2023
MarkLee131
XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title Critical
CVE-2023-45135 was published for org.xwiki.platform:xwiki-platform-web (Maven) Oct 25, 2023
React Developer Tools extension Improper Authorization vulnerability Moderate
CVE-2023-5654 was published for react-devtools-core (npm) Oct 19, 2023
Croc sender may place ANSI or CSI escape sequences in filename to attach receiver's terminal device High
CVE-2023-43620 was published for github.com/schollz/croc/v9 (Go) Sep 20, 2023
schollz
OpenZeppelin Contracts vulnerable to Improper Escaping of Output Moderate
CVE-2023-40014 was published for @openzeppelin/contracts (npm) Aug 11, 2023
Critters Cross-site Scripting Vulnerability Moderate
CVE-2023-3481 was published for critters (npm) Aug 11, 2023
PrestaShop XSS injection through Validate::isCleanHTML method High
CVE-2023-39527 was published for prestashop/prestashop (Composer) Aug 9, 2023
Spring HATEOAS vulnerable to Improper Neutralization of HTTP Headers for Scripting Syntax Moderate
CVE-2023-34036 was published for org.springframework.hateoas:spring-hateoas (Maven) Jul 17, 2023
Froxlor vulnerable to Improper Encoding or Escaping of Output Critical
CVE-2023-3668 was published for froxlor/froxlor (Composer) Jul 14, 2023
TeamPass vulnerable to Improper Encoding or Escaping of Output High
CVE-2023-3552 was published for nilsteampassnet/teampass (Composer) Jul 8, 2023
Teampass Cross-site Scripting vulnerability Moderate
CVE-2023-3190 was published for nilsteampassnet/teampass (Composer) Jun 10, 2023
XWiki Platform vulnerable to RXSS via editor parameter - importinline template Critical
CVE-2023-32071 was published for org.xwiki.platform:xwiki-platform-distribution-war (Maven) May 9, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database