Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,225 advisories

Loading
LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name High
CVE-2024-47524 was published for librenms/librenms (Composer) Oct 1, 2024
minhnq1618
Decidim has a cross-site scripting vulnerability in the version control page High
CVE-2024-41673 was published for decidim (RubyGems) Oct 1, 2024
The 123.chat - Video Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting in... High Unreviewed
CVE-2024-7869 was published Oct 1, 2024
A stored cross site scripting vulnerability exists in Nessus Network Monitor where an... High Unreviewed
CVE-2024-9158 was published Sep 30, 2024
Advantech ADAM 5550's web application includes a "logs" page where all the HTTP requests... High Unreviewed
CVE-2024-38308 was published Sep 27, 2024
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain... High Unreviewed
CVE-2024-40509 was published Sep 27, 2024
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain... High Unreviewed
CVE-2024-40512 was published Sep 27, 2024
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain... High Unreviewed
CVE-2024-40511 was published Sep 27, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-8608 was published Sep 27, 2024
The The Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... High Unreviewed
CVE-2024-6931 was published Sep 27, 2024
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain... High Unreviewed
CVE-2024-40508 was published Sep 27, 2024
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain... High Unreviewed
CVE-2024-40506 was published Sep 27, 2024
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain... High Unreviewed
CVE-2024-40507 was published Sep 27, 2024
The WordPress Visitors plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a... High Unreviewed
CVE-2022-4541 was published Sep 26, 2024
Vulnerability in Clibo Manager v1.1.9.1 that could allow an attacker to execute an stored Cross... High Unreviewed
CVE-2024-9198 was published Sep 26, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-43959 was published Sep 25, 2024
The Thanh Toán Quét Mã QR Code Tự Động – MoMo, ViettelPay, VNPay và 40 ngân hàng Việt Nam plugin... High Unreviewed
CVE-2024-8914 was published Sep 25, 2024
The Contact Form to Any API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... High Unreviewed
CVE-2024-7617 was published Sep 25, 2024
ProGauge MAGLINK LX CONSOLE does not have sufficient filtering on input fields that are used to... High Unreviewed
CVE-2024-41725 was published Sep 25, 2024
DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS High
CVE-2024-47068 was published for rollup (npm) Sep 23, 2024
jackfromeast ishmeals
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-7835 was published Sep 23, 2024
Plate allows arbitrary DOM attributes in element.attributes and leaf.attributes High
CVE-2024-47061 was published for @udecode/plate-core (npm) Sep 20, 2024
A stored Cross-site Scripting (XSS) vulnerability affecting 3DSwym in 3DSwymer from Release... High Unreviewed
CVE-2024-7737 was published Sep 19, 2024
A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry... High Unreviewed
CVE-2024-7736 was published Sep 19, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-44002 was published Sep 18, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database