GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

288 advisories

TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements Moderate
CVE-2024-38357 was published for TinyMCE (Composer) Jun 19, 2024
Malav-MK
Invenio-Communities has a Cross-Site Scripting (XSS) vulnerability in React components Moderate
GHSA-hjx6-f647-mvf9 was published for invenio-communities (pip) Jun 12, 2024
Apache Airflow: XSS vulnerability in Task Instance Log/Log Details Moderate
CVE-2024-32077 was published for apache-airflow (pip) May 14, 2024
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter Moderate
CVE-2024-34064 was published for Jinja2 (pip) May 6, 2024
Ry0taK
changedetection.io Cross-site Scripting vulnerability Moderate
CVE-2024-34061 was published for changedetection.io (pip) May 3, 2024
Nguyen-Trung-Kien
aiohttp Cross-site Scripting vulnerability on index pages for static file handling Moderate
CVE-2024-27306 was published for aiohttp (pip) Apr 18, 2024
arkark
Cross-site Scripting (XSS) in mindsdb/mindsdb Moderate
CVE-2024-3575 was published for mindsdb (pip) Apr 16, 2024
XSS via the "Snapshot Test" feature in Classic Webcam plugin settings Moderate
CVE-2024-28237 was published for OctoPrint (pip) Mar 18, 2024
jacopotediosi
Whoogle Search Cross-site Scripting vulnerability Moderate
CVE-2024-22417 was published for whoogle-search (pip) Mar 14, 2024
Django MarkdownX Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-2319 was published for django-markdownx (pip) Mar 8, 2024
esphome vulnerable to stored Cross-site Scripting in edit configuration file API Moderate
CVE-2024-27287 was published for esphome (pip) Mar 6, 2024
Docassemble HTML and javascript injection Moderate
CVE-2024-27290 was published for docassemble.webapp (pip) Feb 29, 2024
richighimi
Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS) Moderate
CVE-2024-27083 was published for Flask-AppBuilder (pip) Feb 28, 2024
chor4o dpgaspar
Label Studio vulnerable to Cross-site Scripting if `<Choices>` or `<Labels>` are used in labeling config Moderate
CVE-2024-26152 was published for label-studio (pip) Feb 22, 2024
isacaya
Dash apps vulnerable to Cross-site Scripting Moderate
CVE-2024-21485 was published for dash (npm) Feb 2, 2024
graingert
Cross-site Scripting Vulnerability on Data Import Moderate
CVE-2024-23633 was published for label-studio (pip) Jan 24, 2024
alex-elttam
html injection vulnerability in the `tuitse_html` function. Moderate
CVE-2024-23341 was published for TuiTse-TsuSin (pip) Jan 22, 2024
JupyterLab vulnerable to SXSS in Markdown Preview Moderate
CVE-2024-22420 was published for jupyterlab (pip) Jan 19, 2024
readthedocs-sphinx-search vulnerable to cross-site scripting when including search results from malicious projects Moderate
GHSA-xgfm-fjx6-62mj was published for readthedocs-sphinx-search (pip) Jan 16, 2024
stsewd
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter Moderate
CVE-2024-22195 was published for jinja2 (pip) Jan 11, 2024
CalumHutton
Apache Airflow has a stored cross-site scripting vulnerability Moderate
CVE-2023-47265 was published for apache-airflow (pip) Dec 21, 2023
Maloja error page XSS vulnerability Moderate
GHSA-4h72-34j6-j8x7 was published for malojaserver (pip) Dec 18, 2023
NULLYUKI
Cross-site Scripting (XSS) in MLflow Moderate
CVE-2023-6568 was published for mlflow (pip) Dec 7, 2023
Reflected XSS Vulnerability in dpaste Moderate
CVE-2023-49277 was published for Dpaste (pip) Dec 1, 2023
brianferri
Apache Superset Cross-site Scripting vulnerability Moderate
CVE-2023-43701 was published for apache-superset (pip) Nov 27, 2023