GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+
37 advisories
Filter by severity
Denial of service attack via incorrect parameters in Matrix Synapse
High
CVE-2020-26257
was published
for
matrix-synapse
(pip)
Dec 9, 2020
Reflected cross-site scripting issue in Datasette
High
CVE-2021-32670
was published
for
datasette
(pip)
Jun 7, 2021
Duplicate Advisory: Reflected cross-site scripting issue in Datasette
High
GHSA-gff3-739c-gxfq
was published
for
datasette
(pip)
Jun 10, 2021
•
withdrawn
JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form>
High
CVE-2021-32797
was published
for
jupyterlab
(pip)
Aug 23, 2021
Special Element Injection in notebook
High
CVE-2021-32798
was published
for
notebook
(pip)
Aug 23, 2021
Cross-site Scripting in django-helpdesk
High
CVE-2021-3945
was published
for
django-helpdesk
(pip)
Nov 15, 2021
Cross-site Scripting in django-helpdesk
High
CVE-2021-3950
was published
for
django-helpdesk
(pip)
Nov 23, 2021
django-helpdesk is vulnerable to Cross-site Scripting
High
CVE-2021-3994
was published
for
django-helpdesk
(pip)
Dec 3, 2021
calibre-web is vulnerable to Cross-site Scripting
High
CVE-2021-4170
was published
for
calibreweb
(pip)
Jan 21, 2022
Cross Site Scripting vulnerability in django-jsonform's admin form.
High
GHSA-x9jp-4w8m-4f3c
was published
for
django-jsonform
(pip)
Jun 10, 2022
XSS Vulnerability in Markdown Editor
High
GHSA-85q9-7467-r53q
was published
for
inventree
(pip)
Jun 17, 2022
Cross Site Scripting vulnerability in wsgidav when directory browsing is enabled
High
CVE-2022-41905
was published
for
wsgidav
(pip)
Nov 16, 2022
XBlock vulnerable to Cross-Site Scripting (XSS)
High
CVE-2022-46147
was published
for
xblock-drag-and-drop-v2
(pip)
Dec 2, 2022
Kiwi TCMS Stored Cross-site Scripting via SVG file
High
CVE-2023-27489
was published
for
kiwitcms
(pip)
Mar 30, 2023
kiwitcms vulnerable to stored cross-site scripting via unrestricted file upload
High
CVE-2023-33977
was published
for
kiwitcms
(pip)
Jun 6, 2023
Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox
High
CVE-2023-36809
was published
for
kiwitcms
(pip)
Jul 5, 2023
modoboa Cross-site Scripting vulnerability
High
CVE-2023-5689
was published
for
modoboa
(pip)
Oct 20, 2023
Cross-site Scripting potential in custom links, job buttons, and computed fields
High
CVE-2023-48705
was published
for
nautobot
(pip)
Nov 22, 2023
XSS potential in rendered Markdown fields (comments, description, notes, etc.)
High
CVE-2024-23345
was published
for
nautobot
(pip)
Jan 23, 2024
Cross-site Scripting Vulnerability on Avatar Upload
High
CVE-2023-47115
was published
for
label-studio
(pip)
Jan 24, 2024
Cross-site Scripting in Pyhtml2pdf
High
CVE-2024-1647
was published
for
pyhtml2pdf
(pip)
Feb 20, 2024
Potentially untrusted input is rendered as HTML in final output
High
CVE-2024-26151
was published
for
mjml
(pip)
Feb 22, 2024
ProTip!
Advisories are also available from the
GraphQL API