GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,024
Maven
5,000+
npm
3,731
NuGet
662
pip
3,407
Pub
12
RubyGems
891
Rust
864
Swift
36
Unreviewed advisories
All unreviewed
5,000+
201 advisories
Filter by severity
TCPDF Cross-site Scripting vulnerability
Moderate
CVE-2024-32489
was published
for
tecnickcom/tcpdf
(Composer)
Apr 15, 2024
Stored XSS in inventory tree rendering in Checkmk before 2.3.0p7, 2.2.0p28, 2.1.0p45 and 2.0.0 (EOL)
Moderate
Unreviewed
CVE-2024-5741
was published
Jun 17, 2024
XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution
Critical
CVE-2024-41947
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Jul 31, 2024
Mashov - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Moderate
Unreviewed
CVE-2024-41693
was published
Jul 30, 2024
WooCommerce has a Cross-Site Scripting (XSS) Vulnerability in checkout & registration forms
Moderate
CVE-2024-37297
was published
for
woocommerce/woocommerce
(Composer)
Jun 12, 2024
Sentry vulnerable to stored Cross-Site Scripting (XSS)
High
CVE-2024-41656
was published
for
sentry
(pip)
Jul 23, 2024
An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in...
High
Unreviewed
CVE-2024-32484
was published
Jul 22, 2024
Cross Site Scripting vulnerability in Eskooly Web Product v.3.0 and before allows a remote...
Moderate
Unreviewed
CVE-2024-27716
was published
Jul 5, 2024
Cross Site Scripting vulnerability in Anchor CMS v.0.12.7 allows a remote attacker to execute...
Moderate
Unreviewed
CVE-2024-37732
was published
Jun 24, 2024
zhimengzhe iBarn v1.5 was discovered to contain a reflected cross-site scripting (XSS)...
Moderate
Unreviewed
CVE-2024-38469
was published
Jun 17, 2024
An issue was discovered in includes/CommentFormatter/CommentParser.php in MediaWiki before 1.39.7...
High
Unreviewed
CVE-2024-34507
was published
May 5, 2024
WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar...
High
Unreviewed
CVE-2024-4439
was published
May 3, 2024
Cross-Site Scripting (XSS) vulnerability in the Settings menu of CMSimple v5.15 allows attackers...
High
Unreviewed
CVE-2024-33423
was published
May 1, 2024
A stored cross-site scripting (XSS) vulnerability in the Advanced Expectation - Response module...
High
Unreviewed
CVE-2024-33831
was published
Apr 30, 2024
A cross-site scripting (XSS) vulnerability in the Settings section of WonderCMS v3.4.3 allows...
Moderate
Unreviewed
CVE-2024-32746
was published
Apr 17, 2024
Webedition CMS 9.2.2.0 has a Stored XSS vulnerability via /webEdition/we_cmd.php.
Moderate
Unreviewed
CVE-2024-28417
was published
Mar 14, 2024
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a...
Moderate
Unreviewed
CVE-2024-31062
was published
Mar 28, 2024
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS...
Moderate
Unreviewed
CVE-2020-13965
was published
May 24, 2022
Cross-site Scripting in ZenUML
Moderate
CVE-2024-38527
was published
for
@zenuml/core
(npm)
Jun 26, 2024
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2022-38055
was published
Jun 21, 2024
A vulnerability was found in Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05. It has been...
Moderate
Unreviewed
CVE-2024-6108
was published
Jun 18, 2024
Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
Moderate
Unreviewed
CVE-2024-36395
was published
Jun 13, 2024
A vulnerability classified as problematic has been found in playSMS up to 1.4.7. Affected is an...
Moderate
Unreviewed
CVE-2024-5851
was published
Jun 11, 2024
ghtml Cross-Site Scripting (XSS) vulnerability
High
CVE-2024-37166
was published
for
ghtml
(npm)
Jun 10, 2024
TokenController formName not sanitized in hidden input
Moderate
CVE-2024-37156
was published
for
sulu/form-bundle
(Composer)
Jun 6, 2024
ProTip!
Advisories are also available from the
GraphQL API