GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
67 advisories
Filter by severity
XWiki Platform has an SQL injection in getdocuments.vm with sort parameter
High
CVE-2024-55663
was published
for
org.xwiki.platform:xwiki-platform-distribution-war
(Maven)
Dec 12, 2024
Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability
Moderate
CVE-2024-10006
was published
for
github.com/hashicorp/consul
(Go)
Oct 31, 2024
LibreNMS vulnerable to Stored Cross-site Scripting via File Upload
Low
CVE-2024-47528
was published
for
librenms/librenms
(Composer)
Oct 1, 2024
Apache Airflow vulnerable to Improper Encoding or Escaping of Output
High
CVE-2024-45498
was published
for
apache-airflow
(pip)
Sep 7, 2024
Jupyter Server Proxy has a reflected XSS issue in host parameter
Critical
CVE-2024-35225
was published
for
jupyter-server-proxy
(pip)
Jun 11, 2024
Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability
Low
CVE-2024-34715
was published
for
ethyca-fides
(pip)
May 29, 2024
TYPO3 vulnerable to an HTML Injection in the History Module
Low
CVE-2024-34355
was published
for
typo3/cms-core
(Composer)
May 14, 2024
Improper escaping in Apache Zeppelin
Critical
CVE-2024-31866
was published
for
org.apache.zeppelin:zeppelin-interpreter
(Maven)
Apr 9, 2024
Apache Zeppelin vulnerable to cross-site scripting in the helium module
Moderate
CVE-2024-31868
was published
for
org.apache.zeppelin:zeppelin-interpreter
(Maven)
Apr 9, 2024
KaTeX's `\includegraphics` does not escape filename
Moderate
CVE-2024-28245
was published
for
katex
(npm)
Mar 25, 2024
Ansible-core information disclosure flaw
Moderate
CVE-2024-0690
was published
for
ansible-core
(pip)
Feb 6, 2024
Django Template Engine Vulnerable to XSS
Critical
CVE-2024-22199
was published
for
github.com/gofiber/template/django/v3
(Go)
Jan 11, 2024
Mattermost password hash disclosure vulnerability
Moderate
CVE-2023-5968
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 6, 2023
XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title
Critical
CVE-2023-45135
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Oct 25, 2023
React Developer Tools extension Improper Authorization vulnerability
Moderate
CVE-2023-5654
was published
for
react-devtools-core
(npm)
Oct 19, 2023
Croc sender may place ANSI or CSI escape sequences in filename to attach receiver's terminal device
High
CVE-2023-43620
was published
for
github.com/schollz/croc/v9
(Go)
Sep 20, 2023
OpenZeppelin Contracts vulnerable to Improper Escaping of Output
Moderate
CVE-2023-40014
was published
for
@openzeppelin/contracts
(npm)
Aug 11, 2023
Critters Cross-site Scripting Vulnerability
Moderate
CVE-2023-3481
was published
for
critters
(npm)
Aug 11, 2023
PrestaShop XSS injection through Validate::isCleanHTML method
High
CVE-2023-39527
was published
for
prestashop/prestashop
(Composer)
Aug 9, 2023
Spring HATEOAS vulnerable to Improper Neutralization of HTTP Headers for Scripting Syntax
Moderate
CVE-2023-34036
was published
for
org.springframework.hateoas:spring-hateoas
(Maven)
Jul 17, 2023
Froxlor vulnerable to Improper Encoding or Escaping of Output
Critical
CVE-2023-3668
was published
for
froxlor/froxlor
(Composer)
Jul 14, 2023
TeamPass vulnerable to Improper Encoding or Escaping of Output
High
CVE-2023-3552
was published
for
nilsteampassnet/teampass
(Composer)
Jul 8, 2023
Teampass Cross-site Scripting vulnerability
Moderate
CVE-2023-3190
was published
for
nilsteampassnet/teampass
(Composer)
Jun 10, 2023
XWiki Platform vulnerable to RXSS via editor parameter - importinline template
Critical
CVE-2023-32071
was published
for
org.xwiki.platform:xwiki-platform-distribution-war
(Maven)
May 9, 2023
Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpoints
Low
CVE-2023-30844
was published
for
github.com/mutagen-io/mutagen
(Go)
May 5, 2023
ProTip!
Advisories are also available from the
GraphQL API