Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,037
Erlang
29
GitHub Actions
18
Go
1,851
Maven
5,000+
npm
3,585
NuGet
636
pip
3,169
Pub
10
RubyGems
850
Rust
803
Swift
34
Unreviewed advisories
All unreviewed
5,000+

27,394 advisories

A vulnerability in the web-based management interface of Cisco Unified Communications Manager ... Moderate Unreviewed
CVE-2024-20488 was published Aug 21, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2022-26328 was published Aug 21, 2024
Apache Airflow Cross-site Scripting Vulnerability Moderate
CVE-2024-41937 was published for apache-airflow (pip) Aug 21, 2024
CKEditor4 low-risk cross-site scripting (XSS) vulnerability linked to potential domain takeover Low
CVE-2024-43411 was published for ckeditor4 (npm) Aug 21, 2024
Code Snippet GeSHi plugin has reflected cross-site scripting (XSS) vulnerability Moderate
CVE-2024-43407 was published for ckeditor4 (npm) Aug 21, 2024
CKAN has Cross-site Scripting vector in the Datatables view plugin Moderate
CVE-2024-41675 was published for ckan (pip) Aug 21, 2024
gatiszeiris
The Phlox PRO theme for WordPress is vulnerable to Reflected Cross-Site Scripting via search... Moderate Unreviewed
CVE-2024-6339 was published Aug 21, 2024
The LH Add Media From Url plugin for WordPress is vulnerable to Reflected Cross-Site Scripting... Moderate Unreviewed
CVE-2024-7090 was published Aug 21, 2024
The LiquidPoll – Polls, Surveys, NPS and Feedback Reviews plugin for WordPress is vulnerable to... High Unreviewed
CVE-2024-7134 was published Aug 21, 2024
The WordSurvey plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ... Moderate Unreviewed
CVE-2024-6767 was published Aug 21, 2024
A cross-site scripting (XSS) vulnerability in the component /index/index.html of YZNCMS v1.4.2... Moderate Unreviewed
CVE-2024-42939 was published Aug 21, 2024
A vulnerability was found in Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05. It has been... Moderate Unreviewed
CVE-2024-8022 was published Aug 21, 2024
Khoj Vulnerable to Stored Cross-site Scripting In Automate (Preview feature) Moderate
CVE-2024-43396 was published for khoj (pip) Aug 20, 2024
calligraf0
The stripImages and stripIframes methods didn't properly process inputs, leading to XSS vectors. Unknown Unreviewed
CVE-2024-40743 was published Aug 20, 2024
The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions. Unknown Unreviewed
CVE-2024-27186 was published Aug 20, 2024
Friendica 2024.03 is vulnerable to Cross Site Scripting (XSS) in settings/profile via the... Moderate Unreviewed
CVE-2024-39094 was published Aug 20, 2024
An URL redirection to untrusted site (open redirect) vulnerability affecting 3DPassport in... High Unreviewed
CVE-2024-6379 was published Aug 20, 2024
A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry... High Unreviewed
CVE-2024-6378 was published Aug 20, 2024
A reflected Cross-site Scripting (XSS) vulnerability affecting 3DSwymer from Release 3DEXPERIENCE... High Unreviewed
CVE-2024-6377 was published Aug 20, 2024
A stored cross-site scripting (XSS) vulnerability in Typecho v1.3.0 allows attackers to execute... High Unreviewed
CVE-2024-35540 was published Aug 20, 2024
7Twenty - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site... Moderate Unreviewed
CVE-2024-42335 was published Aug 20, 2024
A cross-site scripting (XSS) vulnerability in the component update_page_details.php of Blood Bank... Moderate Unreviewed
CVE-2024-42560 was published Aug 20, 2024
The Popup Maker – Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups... Moderate Unreviewed
CVE-2024-7054 was published Aug 20, 2024
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form &... Moderate Unreviewed
CVE-2024-7775 was published Aug 20, 2024
The WP Last Modified Info plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2024-6864 was published Aug 20, 2024
ProTip! Advisories are also available from the GraphQL API