GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,496
Composer 4,170
Erlang 30
GitHub Actions 19
Go 1,981
Maven 5,155
npm 3,700
NuGet 656
pip 3,319
Pub 11
RubyGems 882
Rust 834
Swift 35

Unreviewed advisories

All unreviewed 232,959

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

176 advisories

Filter by severity

Sort by

Least recently updated

A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute... Critical Unreviewed

CVE-2024-46538 was published Oct 22, 2024

The affected product is vulnerable to a cross-site scripting attack which may allow an attacker... Critical Unreviewed

CVE-2024-49397 was published Oct 17, 2024

Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 ... Critical Unreviewed

CVE-2024-23786 was published Oct 17, 2024

A Stored Cross-Site Scripting (XSS) vulnerability in Webkul Krayin CRM 1.3.0 allows remote... Critical Unreviewed

CVE-2024-46367 was published Sep 27, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Critical Unreviewed

CVE-2024-4657 was published Sep 25, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Critical Unreviewed

CVE-2024-7785 was published Sep 19, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Critical Unreviewed

CVE-2024-6877 was published Sep 18, 2024

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Critical Unreviewed

CVE-2024-5959 was published Sep 18, 2024

A remote code execution (RCE) vulnerability via crafted extension description/changelog could be... Critical Unreviewed

CVE-2024-8695 was published Sep 12, 2024

A SQL injection vulnerability in the poll component in SkySystem Arfa-CMS before 5.1.3124 allows... Critical Unreviewed

CVE-2024-45265 was published Aug 26, 2024

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')... Critical Unreviewed

CVE-2023-6452 was published Aug 22, 2024

Azure Stack Hub Spoofing Vulnerability Critical Unreviewed

CVE-2024-38108 was published Aug 13, 2024

An Unrestricted file upload vulnerability was found in "/Membership/edit_member.php" of Kashipara... Critical Unreviewed

CVE-2024-40482 was published Aug 12, 2024

AMTT Hotel Broadband Operation System (HiBOS) V3.0.3.151204 and before is vulnerable to SQL... Critical Unreviewed

CVE-2024-41476 was published Aug 12, 2024

Cross Site Scripting vulnerability in Koha ILS 23.05 and before allows a remote attacker to... Critical Unreviewed

CVE-2024-28740 was published Aug 6, 2024

An issue in Koha ILS 23.05 and before allows a remote attacker to execute arbitrary code via a... Critical Unreviewed

CVE-2024-28739 was published Aug 6, 2024

Long pressing on a download link could potentially allow Javascript commands to be executed... Critical Unreviewed

CVE-2024-43111 was published Aug 6, 2024

A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7... Critical Unreviewed

CVE-2024-42008 was published Aug 5, 2024

A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a... Critical Unreviewed

CVE-2024-42009 was published Aug 5, 2024

A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version... Critical Unreviewed

CVE-2024-6035 was published Jul 11, 2024

Whale browser before 3.26.244.21 allows an attacker to execute malicious JavaScript due to... Critical Unreviewed

CVE-2024-40618 was published Jul 11, 2024

goanother Another Redis Desktop Manager =<1.6.1 is vulnerable to Cross Site Scripting (XSS) via... Critical Unreviewed

CVE-2024-23998 was published Jul 5, 2024

Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting (XSS) via src/electron-main.ts. Critical Unreviewed

CVE-2024-23997 was published Jul 5, 2024

Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated... Critical Unreviewed

CVE-2024-31401 was published Jun 11, 2024

An issue was discovered in linqi before 1.4.0.1 on Windows. There is LDAP injection. Critical Unreviewed

CVE-2024-33868 was published May 14, 2024

Previous 1 2 3 4 5 6 7 8 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

176 advisories