GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,343 advisories
Filter by severity
Contao allows admin an account to upload SVG file containing malicious JavaScript
Low
CVE-2024-45965
was published
for
contao/contao
(Composer)
Oct 2, 2024
October allows an admin account to upload PDF containing malicious JavaScript
Low
CVE-2024-45962
was published
for
october/october
(Composer)
Oct 2, 2024
Zenario allows authenticated admin users to upload PDF files containing malicious code
Low
CVE-2024-45960
was published
for
tribalsystems/zenario
(Composer)
Oct 2, 2024
Zenario Cross Site Scripting in the Image library
Low
CVE-2024-45964
was published
for
tribalsystems/zenario
(Composer)
Oct 2, 2024
LibreNMS vulnerable to Stored Cross-site Scripting via File Upload
Low
CVE-2024-47528
was published
for
librenms/librenms
(Composer)
Oct 1, 2024
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Templates" feature
Low
CVE-2024-47526
was published
for
librenms/librenms
(Composer)
Oct 1, 2024
Cross site scripting in Concrete CMS
Low
CVE-2024-7398
was published
for
concrete5/concrete5
(Composer)
Sep 25, 2024
Cross site scripting in Concrete CMS
Low
CVE-2024-8291
was published
for
concrete5/concrete5
(Composer)
Sep 25, 2024
A vulnerability was found in Stirling-Tools Stirling-PDF up to 0.28.3. It has been declared as...
Low
Unreviewed
CVE-2024-9075
was published
Sep 22, 2024
In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible
Low
Unreviewed
CVE-2024-46970
was published
Sep 16, 2024
A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk. If exploited,...
Low
Unreviewed
CVE-2024-27125
was published
Sep 6, 2024
Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject...
Low
Unreviewed
CVE-2024-38858
was published
Sep 2, 2024
A cross-site scripting (XSS) vulnerability in the component admin_datarelate.php of SeaCMS v12.9...
Low
Unreviewed
CVE-2024-44918
was published
Aug 30, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Low
Unreviewed
CVE-2022-26328
was published
Aug 21, 2024
CKEditor4 low-risk cross-site scripting (XSS) vulnerability linked to potential domain takeover
Low
CVE-2024-43411
was published
for
ckeditor4
(npm)
Aug 21, 2024
In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin
Low
Unreviewed
CVE-2024-43808
was published
Aug 16, 2024
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page
Low
Unreviewed
CVE-2024-43809
was published
Aug 16, 2024
Concrete CMS vulnerable to Stored Cross-site Scripting
Low
CVE-2024-7512
was published
for
concrete5/concrete5
(Composer)
Aug 12, 2024
Concrete CMS Stored Cross-site Scripting vulnerability
Low
CVE-2024-4350
was published
for
concrete5/concrete5
(Composer)
Aug 12, 2024
The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made...
Low
Unreviewed
CVE-2024-6692
was published
Aug 12, 2024
Concrete CMS Stored XSS in getAttributeSetName
Low
CVE-2024-7394
was published
for
concrete5/concrete5
(Composer)
Aug 8, 2024
Stored XSS vulnerability has been discovered in OpenText™ Filr product, affecting versions 24.1.1...
Low
Unreviewed
CVE-2024-4187
was published
Jul 31, 2024
In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page
Low
Unreviewed
CVE-2024-41826
was published
Jul 22, 2024
Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and OpManager Enterprise Edition...
Low
Unreviewed
CVE-2024-38870
was published
Jul 17, 2024
A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor....
Low
Unreviewed
CVE-2024-22477
was published
Jul 10, 2024
ProTip!
Advisories are also available from the
GraphQL API