GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+
114 advisories
Filter by severity
DOMpurify has a nesting-based mXSS
High
CVE-2024-47875
was published
for
dompurify
(npm)
Oct 11, 2024
DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS
High
CVE-2024-47068
was published
for
rollup
(npm)
Sep 23, 2024
Plate allows arbitrary DOM attributes in element.attributes and leaf.attributes
High
CVE-2024-47061
was published
for
@udecode/plate-core
(npm)
Sep 20, 2024
gettext.js has a Cross-site Scripting injection
High
CVE-2024-43370
was published
for
gettext.js
(npm)
Aug 15, 2024
Plate media plugins has a XSS in media embed element when using custom URL parsers
High
CVE-2024-40631
was published
for
@udecode/plate-media
(npm)
Jul 15, 2024
ghtml Cross-Site Scripting (XSS) vulnerability
High
CVE-2024-37166
was published
for
ghtml
(npm)
Jun 10, 2024
lunary-ai/lunary XSS in SAML metadata endpoint
High
CVE-2024-5478
was published
for
lunary
(npm)
Jun 6, 2024
NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue
High
CVE-2023-49781
was published
for
nocodb
(npm)
May 13, 2024
react-pdf vulnerable to arbitrary JavaScript execution upon opening a malicious PDF with PDF.js
High
CVE-2024-34342
was published
for
react-pdf
(npm)
May 7, 2024
Cross-site Scripting in electron-pdf
High
CVE-2024-1648
was published
for
electron-pdf
(npm)
Feb 20, 2024
@urql/next Cross-site Scripting vulnerability
High
CVE-2024-24556
was published
for
@urql/next
(npm)
Jan 30, 2024
react-query-streamed-hydration Cross-site Scripting vulnerability
High
CVE-2024-24558
was published
for
@tanstack/react-query-next-experimental
(npm)
Jan 30, 2024
Improper Neutralization of Script in Attributes in @dcl/single-sign-on-client
High
CVE-2023-41049
was published
for
@dcl/single-sign-on-client
(npm)
Sep 4, 2023
Angular critical CSS inlining Cross-site Scripting Vulnerability Advisory
High
GHSA-r3hf-q8q7-fv2p
was published
for
@nguniversal/common
(npm)
Aug 9, 2023
webmention.js Cross-site Scripting vulnerability
High
CVE-2023-3672
was published
for
webmention.js
(npm)
Jul 14, 2023
@udecode/plate-link does not sanitize URLs to prevent use of the `javascript:` scheme
High
CVE-2023-34245
was published
for
@udecode/plate-link
(npm)
Jun 9, 2023
HTML injection in search results via plaintext message highlighting
High
CVE-2023-30609
was published
for
matrix-react-sdk
(npm)
Apr 25, 2023
markdown-pdf vulnerable to local file read via server side cross-site scripting (XSS)
High
CVE-2023-0835
was published
for
markdown-pdf
(npm)
Apr 5, 2023
directus vulnerable to HTML Injection in Password Reset email to custom Reset URL
High
CVE-2023-27474
was published
for
directus
(npm)
Mar 7, 2023
gatsby-transformer-remark has possible unsanitized JavaScript code injection
High
CVE-2023-22491
was published
for
gatsby-transformer-remark
(npm)
Jan 11, 2023
@mattkrick/sanitize-svg vulnerable to Cross-Site Scripting (XSS)
High
CVE-2023-22461
was published
for
@mattkrick/sanitize-svg
(npm)
Jan 5, 2023
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in directus
High
CVE-2022-24814
was published
for
directus
(npm)
Apr 5, 2022
Cross site scripting in @awsui/components-react
High
CVE-2022-24709
was published
for
@awsui/components-react
(npm)
Feb 25, 2022
ProTip!
Advisories are also available from the
GraphQL API