GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
3,275 advisories
Filter by severity
Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section
Moderate
CVE-2024-47819
was published
for
@umbraco-cms/backoffice
(npm)
Oct 22, 2024
Admidio Vulnerable to HTML Injection In The Messages Section
Low
CVE-2024-47836
was published
for
admidio/admidio
(Composer)
Oct 16, 2024
Cross site scripting in markdown-to-jsx
Moderate
CVE-2024-21535
was published
for
markdown-to-jsx
(npm)
Oct 15, 2024
DOM Clobbering Gadget found in astro's client-side router that leads to XSS
Moderate
CVE-2024-47885
was published
for
astro
(npm)
Oct 14, 2024
DOMpurify has a nesting-based mXSS
High
CVE-2024-47875
was published
for
dompurify
(npm)
Oct 11, 2024
Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files
Moderate
CVE-2024-47872
was published
for
gradio
(pip)
Oct 10, 2024
Alist reflected Cross-Site Scripting vulnerability
Moderate
CVE-2024-47067
was published
for
github.com/alist-org/alist/v3
(Go)
Oct 10, 2024
Magento Open Source Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-45116
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source stored Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-45127
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source reflected Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-45123
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Krayin CRM vulnerable to Cross Site Scripting (XSS) via the organization name
Moderate
CVE-2024-45932
was published
for
krayin/laravel-crm
(Composer)
Oct 7, 2024
LimeSurvey Cross Site Scripting vulnerability
Moderate
CVE-2024-28709
was published
for
limesurvey/limesurvey
(Composer)
Oct 7, 2024
LimeSurvey Cross Site Scripting vulnerability
Moderate
CVE-2024-28710
was published
for
limesurvey/limesurvey
(Composer)
Oct 7, 2024
PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via JavaScript hyperlinks
Moderate
CVE-2024-45292
was published
for
phpoffice/phpspreadsheet
(Composer)
Oct 7, 2024
Saltcorn Server Stored Cross-Site Scripting (XSS) in event logs page
Moderate
GHSA-pf56-h9qf-rxq4
was published
for
@saltcorn/server
(npm)
Oct 7, 2024
Lara-zeus Dynamic Dashboard and Artemis do not validate paragraph widget values which can be used for XSS
Moderate
CVE-2024-47817
was published
for
lara-zeus/artemis
(Composer)
Oct 7, 2024
PhpSpreadsheet has an Unauthenticated Cross-Site-Scripting (XSS) in sample file
Moderate
CVE-2024-45060
was published
for
phpoffice/phpspreadsheet
(Composer)
Oct 7, 2024
Mediawiki Cargo extension vulnerable to Cross-site Scripting
Moderate
CVE-2024-47847
was published
for
mediawiki/cargo
(Composer)
Oct 5, 2024
Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS
Moderate
CVE-2024-47765
was published
for
dev-lancer/minecraft-motd-parser
(Composer)
Oct 4, 2024
Injection of arbitrary HTML/JavaScript code through the media download URL
Moderate
CVE-2024-47617
was published
for
sulu/sulu
(Composer)
Oct 3, 2024
Cross-site Scripting via uploaded SVG
Moderate
CVE-2024-47618
was published
for
sulu/sulu
(Composer)
Oct 3, 2024
Contao allows admin an account to upload SVG file containing malicious JavaScript
Low
CVE-2024-45965
was published
for
contao/contao
(Composer)
Oct 2, 2024
October allows an admin account to upload PDF containing malicious JavaScript
Low
CVE-2024-45962
was published
for
october/october
(Composer)
Oct 2, 2024
Zenario allows authenticated admin users to upload PDF files containing malicious code
Low
CVE-2024-45960
was published
for
tribalsystems/zenario
(Composer)
Oct 2, 2024
Zenario Cross Site Scripting in the Image library
Low
CVE-2024-45964
was published
for
tribalsystems/zenario
(Composer)
Oct 2, 2024
ProTip!
Advisories are also available from the
GraphQL API