Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

37 advisories

Loading
Denial of service attack via incorrect parameters in Matrix Synapse High
CVE-2020-26257 was published for matrix-synapse (pip) Dec 9, 2020
Reflected cross-site scripting issue in Datasette High
CVE-2021-32670 was published for datasette (pip) Jun 7, 2021
Duplicate Advisory: Reflected cross-site scripting issue in Datasette High
GHSA-gff3-739c-gxfq was published for datasette (pip) Jun 10, 2021 withdrawn
JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form> High
CVE-2021-32797 was published for jupyterlab (pip) Aug 23, 2021
0xDeva
Special Element Injection in notebook High
CVE-2021-32798 was published for notebook (pip) Aug 23, 2021
0xDeva
Cross-site Scripting in django-helpdesk High
CVE-2021-3945 was published for django-helpdesk (pip) Nov 15, 2021
Cross-site Scripting in django-helpdesk High
CVE-2021-3950 was published for django-helpdesk (pip) Nov 23, 2021
django-helpdesk is vulnerable to Cross-site Scripting High
CVE-2021-3994 was published for django-helpdesk (pip) Dec 3, 2021
calibre-web is vulnerable to Cross-site Scripting High
CVE-2021-4170 was published for calibreweb (pip) Jan 21, 2022
Cross-site Scripting in OctoPrint High
CVE-2022-1432 was published for OctoPrint (pip) May 19, 2022
Cross-site Scripting in OctoPrint High
CVE-2022-1430 was published for OctoPrint (pip) May 19, 2022
Cross Site Scripting vulnerability in django-jsonform's admin form. High
GHSA-x9jp-4w8m-4f3c was published for django-jsonform (pip) Jun 10, 2022
XSS Vulnerability in Markdown Editor High
GHSA-85q9-7467-r53q was published for inventree (pip) Jun 17, 2022
Gaurav-G2
Cross Site Scripting vulnerability in wsgidav when directory browsing is enabled High
CVE-2022-41905 was published for wsgidav (pip) Nov 16, 2022
brunnjf
XBlock vulnerable to Cross-Site Scripting (XSS) High
CVE-2022-46147 was published for xblock-drag-and-drop-v2 (pip) Dec 2, 2022
Kiwi TCMS Stored Cross-site Scripting via SVG file High
CVE-2023-27489 was published for kiwitcms (pip) Mar 30, 2023
antoniospataro richardfan0606
kiwitcms vulnerable to stored cross-site scripting via unrestricted file upload High
CVE-2023-33977 was published for kiwitcms (pip) Jun 6, 2023
mnqazi
Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox High
CVE-2023-36809 was published for kiwitcms (pip) Jul 5, 2023
mnqazi MQ-xz
modoboa Cross-site Scripting vulnerability High
CVE-2023-5689 was published for modoboa (pip) Oct 20, 2023
Cross-site Scripting potential in custom links, job buttons, and computed fields High
CVE-2023-48705 was published for nautobot (pip) Nov 22, 2023
XSS potential in rendered Markdown fields (comments, description, notes, etc.) High
CVE-2024-23345 was published for nautobot (pip) Jan 23, 2024
Kircheneer
Cross-site Scripting Vulnerability on Avatar Upload High
CVE-2023-47115 was published for label-studio (pip) Jan 24, 2024
alex-elttam
Cross-site Scripting in Pyhtml2pdf High
CVE-2024-1647 was published for pyhtml2pdf (pip) Feb 20, 2024
Potentially untrusted input is rendered as HTML in final output High
CVE-2024-26151 was published for mjml (pip) Feb 22, 2024
sh-at-cs
Cross-site Scripting in MLFlow High
CVE-2024-27132 was published for mlflow (pip) Feb 24, 2024
ProTip! Advisories are also available from the GraphQL API