Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

939 advisories

Loading
Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a stored cross-site scripting (XSS)... High Unreviewed
CVE-2024-26313 was published Mar 8, 2024
An issue in Ladybird Web Solution Faveo Helpdesk & Servicedesk (On-Premise and Cloud) 9.2.0... High Unreviewed
CVE-2024-51377 was published Nov 1, 2024
Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate... High Unreviewed
CVE-2024-27524 was published Nov 1, 2024
Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1.34.21, allows remote... High Unreviewed
CVE-2020-25730 was published Apr 4, 2024
An issue was discovered in Archer Platform 6 before 2024.04. There is a stored cross-site... High Unreviewed
CVE-2024-34090 was published May 6, 2024
Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows a remote attacker to... High Unreviewed
CVE-2024-28715 was published Mar 20, 2024
UBEE DDW365 XCNDDW365 8.14.3105 software on hardware 3.13.1 allows a remote attacker within Wi-Fi... High Unreviewed
CVE-2024-28092 was published Mar 20, 2024
This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data... High Unreviewed
CVE-2024-21678 was published Feb 20, 2024
In Cleo Harmony before 5.8.0.20, VLTrader before 5.8.0.20, and LexiCom before 5.8.0.20, there is... High Unreviewed
CVE-2024-50623 was published Oct 28, 2024
An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under... High Unreviewed
CVE-2024-9394 was published Oct 1, 2024
In Jitsi Meet before 2.0.9779, the functionality to share an image using giphy was implemented in... High Unreviewed
CVE-2024-44080 was published Oct 30, 2024
The WPAdverts – Classifieds Plugin plugin for WordPress is vulnerable to Stored Cross-Site... High Unreviewed
CVE-2024-10108 was published Oct 30, 2024
A Reflected Cross Site Scripting (XSS) vulnerability was found in /ifscfinder/admin/profile.php... High Unreviewed
CVE-2024-51181 was published Oct 29, 2024
A Reflected Cross Site Scripting (XSS) vulnerability was found in /ifscfinder/index.php in... High Unreviewed
CVE-2024-51180 was published Oct 29, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-49632 was published Oct 29, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-49634 was published Oct 29, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-49637 was published Oct 29, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-49638 was published Oct 29, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-49639 was published Oct 29, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-49641 was published Oct 29, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-49640 was published Oct 29, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-49645 was published Oct 29, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-49643 was published Oct 29, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-47640 was published Oct 29, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-49635 was published Oct 29, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database