Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,337 advisories

Loading
Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field) Low
CVE-2024-47058 was published for mautic/core (Composer) Sep 18, 2024
lenonleite escopecz
In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible Low Unreviewed
CVE-2024-46970 was published Sep 16, 2024
A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk. If exploited,... Low Unreviewed
CVE-2024-27125 was published Sep 6, 2024
Improper neutralization of input in Checkmk before version 2.3.0p14 allows attackers to inject... Low Unreviewed
CVE-2024-38858 was published Sep 2, 2024
A cross-site scripting (XSS) vulnerability in the component admin_datarelate.php of SeaCMS v12.9... Low Unreviewed
CVE-2024-44918 was published Aug 30, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Low Unreviewed
CVE-2022-26328 was published Aug 21, 2024
CKEditor4 low-risk cross-site scripting (XSS) vulnerability linked to potential domain takeover Low
CVE-2024-43411 was published for ckeditor4 (npm) Aug 21, 2024
In JetBrains TeamCity before 2024.07.1 self XSS was possible in the HashiCorp Vault plugin Low Unreviewed
CVE-2024-43808 was published Aug 16, 2024
In JetBrains TeamCity before 2024.07.1 reflected XSS was possible on the agentPushPreset page Low Unreviewed
CVE-2024-43809 was published Aug 16, 2024
Concrete CMS vulnerable to Stored Cross-site Scripting Low
CVE-2024-7512 was published for concrete5/concrete5 (Composer) Aug 12, 2024
Concrete CMS Stored Cross-site Scripting vulnerability Low
CVE-2024-4350 was published for concrete5/concrete5 (Composer) Aug 12, 2024
The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made... Low Unreviewed
CVE-2024-6692 was published Aug 12, 2024
Concrete CMS Stored XSS in getAttributeSetName Low
CVE-2024-7394 was published for concrete5/concrete5 (Composer) Aug 8, 2024
Stored XSS vulnerability has been discovered in OpenText™ Filr product, affecting versions 24.1.1... Low Unreviewed
CVE-2024-4187 was published Jul 31, 2024
In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page Low Unreviewed
CVE-2024-41826 was published Jul 22, 2024
Zohocorp ManageEngine OpManager, OpManager Plus, OpManager MSP and OpManager Enterprise Edition... Low Unreviewed
CVE-2024-38870 was published Jul 17, 2024
A cross-site scripting vulnerability exists in the admin console OIDC Policy Management Editor.... Low Unreviewed
CVE-2024-22477 was published Jul 10, 2024
October System module has a Reflected XSS via X-October-Request-Handler Header Low
CVE-2024-25637 was published for october/system (Composer) Jun 26, 2024
A vulnerability, which was classified as problematic, was found in ZKTeco ZKBio CVSecurity V5000... Low Unreviewed
CVE-2024-6344 was published Jun 26, 2024
DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document Low
CVE-2024-38364 was published for org.dspace:dspace-server-webapp (Maven) Jun 25, 2024
Xib3rR4dAr
A vulnerability classified as problematic was found in SourceCodester Service Provider Management... Low Unreviewed
CVE-2024-6267 was published Jun 23, 2024
A vulnerability, which was classified as problematic, was found in playSMS 1.4.3. Affected is an... Low Unreviewed
CVE-2024-6251 was published Jun 22, 2024
A vulnerability has been found in Zorlan SkyCaiji up to 2.8 and classified as problematic.... Low Unreviewed
CVE-2024-6252 was published Jun 22, 2024
In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible Low Unreviewed
CVE-2024-38507 was published Jun 18, 2024
A vulnerability, which was classified as problematic, has been found in PHPVibe 11.0.46. This... Low Unreviewed
CVE-2024-6082 was published Jun 18, 2024
ProTip! Advisories are also available from the GraphQL API