Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

407 advisories

Loading
Reposilite artifacts vulnerable to Stored Cross-site Scripting High
CVE-2024-36115 was published for com.reposilite:reposilite-backend (Maven) Aug 2, 2024
artsploit
OpenRefine has a reflected cross-site scripting vulnerability (XSS) from POST request in ExportRowsCommand High
CVE-2024-47880 was published for org.openrefine:openrefine (Maven) Oct 24, 2024
OpenRefine has a reflected cross-site scripting vulnerability (XSS) in GData extension (authorized.vt) High
CVE-2024-47878 was published for org.openrefine:extensions (Maven) Oct 24, 2024
activeadmin vulnerable to stored persistent cross-site scripting (XSS) in dynamic form legends High
CVE-2024-37031 was published for activeadmin (RubyGems) Jun 2, 2024
aoprea1982
DOMpurify has a nesting-based mXSS High
CVE-2024-47875 was published for dompurify (npm) Oct 11, 2024
bastien-roucaries eslerm
Cross-site Scripting in OctoPrint High
CVE-2022-1430 was published for OctoPrint (pip) May 19, 2022
Cross-site Scripting in OctoPrint High
CVE-2022-1432 was published for OctoPrint (pip) May 19, 2022
pretix Stored Cross-site Scripting vulnerability High
CVE-2024-8113 was published for pretix (pip) Aug 23, 2024
p-w
Decidim has a cross-site scripting vulnerability in the version control page High
CVE-2024-41673 was published for decidim (RubyGems) Oct 1, 2024
LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name High
CVE-2024-47524 was published for librenms/librenms (Composer) Oct 1, 2024
minhnq1618
Special Element Injection in notebook High
CVE-2021-32798 was published for notebook (pip) Aug 23, 2021
0xDeva
modoboa Cross-site Scripting vulnerability High
CVE-2023-5689 was published for modoboa (pip) Oct 20, 2023
Mautic vulnerable to stored cross-site scripting in description field High
CVE-2021-27915 was published for mautic/core (Composer) Apr 11, 2024
DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS High
CVE-2024-47068 was published for rollup (npm) Sep 23, 2024
jackfromeast ishmeals
Denial of service attack via incorrect parameters in Matrix Synapse High
CVE-2020-26257 was published for matrix-synapse (pip) Dec 9, 2020
JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form> High
CVE-2021-32797 was published for jupyterlab (pip) Aug 23, 2021
0xDeva
Plate allows arbitrary DOM attributes in element.attributes and leaf.attributes High
CVE-2024-47061 was published for @udecode/plate-core (npm) Sep 20, 2024
auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped High
CVE-2024-45592 was published for damienharper/auditor-bundle (Composer) Sep 10, 2024
fkropfhamer
Cross-site Scripting in django-helpdesk High
CVE-2021-3945 was published for django-helpdesk (pip) Nov 15, 2021
Cross-site Scripting in django-helpdesk High
CVE-2021-3950 was published for django-helpdesk (pip) Nov 23, 2021
django-helpdesk is vulnerable to Cross-site Scripting High
CVE-2021-3994 was published for django-helpdesk (pip) Dec 3, 2021
Reflected cross-site scripting issue in Datasette High
CVE-2021-32670 was published for datasette (pip) Jun 7, 2021
Duplicate Advisory: Reflected cross-site scripting issue in Datasette High
GHSA-gff3-739c-gxfq was published for datasette (pip) Jun 10, 2021 withdrawn
HTML injection in JupyterLite leading to DOM Clobbering High
GHSA-gj55-2xf9-67rq was published for jupyterlite-core (pip) Sep 6, 2024
ishmeals jackfromeast
HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering High
CVE-2024-43805 was published for jupyterlab (pip) Aug 29, 2024
jackfromeast ishmeals
RRosio krassowski
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database