GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,945
Erlang: 29
GitHub Actions: 16
Go: 1,731
Maven: 4,961
npm: 3,493
NuGet: 607
pip: 3,059
Pub: 10
RubyGems: 832
Rust: 778
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
26,130 advisories
A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5...
Moderate
Unreviewed
CVE-2024-4201
was published
Jun 13, 2024
Invenio-Communities has a Cross-Site Scripting (XSS) vulnerability in React components
Moderate
GHSA-hjx6-f647-mvf9
was published
for
invenio-communities
(pip)
Jun 12, 2024
WooCommerce has a Cross-Site Scripting Vulnerability in checkout & registration forms
Moderate
CVE-2024-37297
was published
for
woocommerce/woocommerce
(Composer)
Jun 12, 2024
A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software...
Unknown
Unreviewed
CVE-2024-5906
was published
Jun 12, 2024
A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1...
Moderate
Unreviewed
CVE-2024-5897
was published
Jun 12, 2024
SummerNote Cross Site Scripting Vulnerability
Moderate
CVE-2024-37629
was published
for
summernote
(npm)
Jun 12, 2024
A stored cross site scripting vulnerability exists in Tenable Security Center where an...
Low
Unreviewed
CVE-2024-1891
was published
Jun 12, 2024
Jupyter Server Proxy has a reflected XSS issue in host parameter
Critical
CVE-2024-35225
was published
for
jupyter-server-proxy
(pip)
Jun 11, 2024
Stored Cross-Site Scripting (XSS) vulnerabilities have been identified in OpenText ArcSight...
High
Unreviewed
CVE-2024-4190
was published
Jun 11, 2024
A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting...
Moderate
Unreviewed
CVE-2024-23111
was published
Jun 11, 2024
A vulnerability classified as problematic was found in smallweigit Avue up to 3.4.4. Affected by...
Moderate
Unreviewed
CVE-2024-5829
was published
Jun 11, 2024
Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to...
Moderate
Unreviewed
CVE-2024-34686
was published
Jun 11, 2024
SAP Financial Consolidation allows data to enter a Web application through an untrusted source....
High
Unreviewed
CVE-2024-37177
was published
Jun 11, 2024
SAP Financial Consolidation does not sufficiently encode user-controlled inputs, resulting in...
Moderate
Unreviewed
CVE-2024-37178
was published
Jun 11, 2024
ghtml Cross-Site Scripting (XSS) vulnerability
High
CVE-2024-37166
was published
for
ghtml
(npm)
Jun 10, 2024
Uniview NVR301-04S2-P4 is vulnerable to reflected cross-site scripting attack (XSS). An attacker...
Moderate
Unreviewed
CVE-2024-3850
was published
Jun 10, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-35675
was published
Jun 8, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-35676
was published
Jun 8, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-35688
was published
Jun 8, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-35701
was published
Jun 8, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High
Unreviewed
CVE-2024-35696
was published
Jun 8, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-35695
was published
Jun 8, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-35681
was published
Jun 8, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-35703
was published
Jun 8, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
High
Unreviewed
CVE-2024-35694
was published
Jun 8, 2024
ProTip! Advisories are also available from the GraphQL API.