GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,259
Composer 4,354
Erlang 31
GitHub Actions 22
Go 2,120
Maven 5,293
npm 3,779
NuGet 681
pip 3,460
Pub 12
RubyGems 892
Rust 888
Swift 38

Unreviewed advisories

All unreviewed 243,870

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

194 advisories

Filter by severity

Sort by

Least recently updated

A stored cross-site scripting (XSS) vulnerability in PHPJabbers Cinema Booking System v2.0 exists... Critical Unreviewed

CVE-2024-57428 was published Feb 6, 2025

A cross-site scripting (xss) vulnerability exists in the dataset upload functionality of ClearML... Critical Unreviewed

CVE-2024-39272 was published Feb 6, 2025

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG... Critical Unreviewed

CVE-2019-3929 was published May 24, 2022

Software installed and run as a non-privileged user may conduct improper GPU system calls to... Critical Unreviewed

CVE-2024-47891 was published Jan 31, 2025

Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing... Critical Unreviewed

CVE-2022-42948 was published Mar 24, 2023

Cross-site scripting (XSS) vulnerability in RenderTune v1.1.4 allows attackers to execute... Critical Unreviewed

CVE-2024-25292 was published Feb 29, 2024

A Cross Site Scripting (XSS) vulnerability was found in /landrecordsys/admin/contactus.php in... Critical Unreviewed

CVE-2024-57686 was published Jan 10, 2025

Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote... Critical Unreviewed

CVE-2024-3847 was published Apr 17, 2024

The AutomatorWP – Automator plugin for no-code automations, webhooks & custom integrations in... Critical Unreviewed

CVE-2024-12626 was published Dec 19, 2024

TenderDocTransfer from Chunghwa Telecom has a Reflected Cross-site scripting vulnerability. The... Critical Unreviewed

CVE-2024-12641 was published Dec 16, 2024

Improper input handling in the 'Host Header' allows an unauthenticated attacker to store a... Critical Unreviewed

CVE-2024-11986 was published Dec 13, 2024

whapa v1.59 is vulnerable to Command Injection via a crafted filename to the HTML reports component. Critical Unreviewed

CVE-2024-53442 was published Dec 5, 2024

Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting ... Critical Unreviewed

CVE-2024-54032 was published Dec 10, 2024

Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to... Critical Unreviewed

CVE-2024-6516 was published Dec 5, 2024

Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot... Critical Unreviewed

CVE-2024-49038 was published Nov 26, 2024

An arbitrary file upload vulnerability in the component /main/fileupload.php of AVSCMS v8.2.0... Critical Unreviewed

CVE-2024-51053 was published Nov 18, 2024

A flaw was found in GNOME Maps, which is vulnerable to a code injection attack via its service... Critical Unreviewed

CVE-2023-43091 was published Nov 17, 2024

XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in... Critical Unreviewed

CVE-2024-10217 was published Nov 12, 2024

The Registrations for the Events Calendar WordPress plugin before 2.12.4 does not sanitise and... Critical Unreviewed

CVE-2024-7982 was published Nov 8, 2024

SQL Injection vulnerability in School Task Manager v.1.0 allows a remote attacker to obtain... Critical Unreviewed

CVE-2024-26517 was published May 14, 2024

Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a... Critical Unreviewed

CVE-2024-1676 was published Feb 21, 2024

A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute... Critical Unreviewed

CVE-2024-46538 was published Oct 22, 2024

The affected product is vulnerable to a cross-site scripting attack which may allow an attacker... Critical Unreviewed

CVE-2024-49397 was published Oct 17, 2024

Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 ... Critical Unreviewed

CVE-2024-23786 was published Oct 17, 2024

Zimbra Collaboration before Kepler 9.0.0 Patch 38 GA allows DOM-based JavaScript injection in the... Critical Unreviewed

CVE-2023-50808 was published Feb 13, 2024

Previous 1 2 3 4 5 6 7 8 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

194 advisories