Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,945
Erlang
29
GitHub Actions
16
Go
1,731
Maven
4,961
npm
3,493
NuGet
607
pip
3,059
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

26,130 advisories

A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5... Moderate Unreviewed
CVE-2024-4201 was published Jun 13, 2024
Invenio-Communities has a Cross-Site Scripting (XSS) vulnerability in React components Moderate
GHSA-hjx6-f647-mvf9 was published for invenio-communities (pip) Jun 12, 2024
WooCommerce has a Cross-Site Scripting Vulnerability in checkout & registration forms Moderate
CVE-2024-37297 was published for woocommerce/woocommerce (Composer) Jun 12, 2024
A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software... Unknown Unreviewed
CVE-2024-5906 was published Jun 12, 2024
A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1... Moderate Unreviewed
CVE-2024-5897 was published Jun 12, 2024
SummerNote Cross Site Scripting Vulnerability Moderate
CVE-2024-37629 was published for summernote (npm) Jun 12, 2024
A stored cross site scripting vulnerability exists in Tenable Security Center where an... Low Unreviewed
CVE-2024-1891 was published Jun 12, 2024
Jupyter Server Proxy has a reflected XSS issue in host parameter Critical
CVE-2024-35225 was published for jupyter-server-proxy (pip) Jun 11, 2024
dlqqq
Stored Cross-Site Scripting (XSS) vulnerabilities have been identified in OpenText ArcSight... High Unreviewed
CVE-2024-4190 was published Jun 11, 2024
A use of password hash with insufficient computational effort vulnerability [CWE-916] affecting... Moderate Unreviewed
CVE-2024-23111 was published Jun 11, 2024
A vulnerability classified as problematic was found in smallweigit Avue up to 3.4.4. Affected by... Moderate Unreviewed
CVE-2024-5829 was published Jun 11, 2024
Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to... Moderate Unreviewed
CVE-2024-34686 was published Jun 11, 2024
SAP Financial Consolidation allows data to enter a Web application through an untrusted source.... High Unreviewed
CVE-2024-37177 was published Jun 11, 2024
SAP Financial Consolidation does not sufficiently encode user-controlled inputs, resulting in... Moderate Unreviewed
CVE-2024-37178 was published Jun 11, 2024
ghtml Cross-Site Scripting (XSS) vulnerability High
CVE-2024-37166 was published for ghtml (npm) Jun 10, 2024
lirantal
Uniview NVR301-04S2-P4 is vulnerable to reflected cross-site scripting attack (XSS). An attacker... Moderate Unreviewed
CVE-2024-3850 was published Jun 10, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2024-35675 was published Jun 8, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2024-35676 was published Jun 8, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2024-35688 was published Jun 8, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2024-35701 was published Jun 8, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-35696 was published Jun 8, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2024-35695 was published Jun 8, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2024-35681 was published Jun 8, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2024-35703 was published Jun 8, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... High Unreviewed
CVE-2024-35694 was published Jun 8, 2024
ProTip! Advisories are also available from the GraphQL API