Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

341 advisories

Loading
OctoPrint Vulnerable to Reflected XSS in Jinja2 Templates Moderate
CVE-2024-49377 was published for OctoPrint (pip) Nov 5, 2024
jacopotediosi
Lollms vulnerable to Cross-site Scripting Moderate
CVE-2024-6581 was published for lollms (pip) Oct 29, 2024
Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files Moderate
CVE-2024-47872 was published for gradio (pip) Oct 10, 2024
ahpaleus Vasco-jofra
OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`) Moderate
CVE-2024-43795 was published for @openc3/tool-common (RubyGems) Oct 2, 2024
p-
Prevent XSS from Confidant API call Moderate
CVE-2024-45793 was published for confidant (pip) Sep 20, 2024
whu-lyft meng-han
alejandroroiz achantavy heryxpc anshumanbh bstewart-lyft reindaelman
Aim Stored XSS through TEXT EXPLORER Moderate
CVE-2024-8863 was published for aim (pip) Sep 16, 2024
MindsDB Cross-site Scripting vulnerability Moderate
CVE-2024-45856 was published for mindsdb (pip) Sep 12, 2024
D-Tale vulnerable to Remote Code Execution through the Query input on Chart Builder Moderate
CVE-2024-45595 was published for dtale (pip) Sep 10, 2024
AfterSnows
HTML injection in JupyterLite leading to DOM Clobbering High
GHSA-gj55-2xf9-67rq was published for jupyterlite-core (pip) Sep 6, 2024
ishmeals jackfromeast
Indico has a Cross-Site-Scripting during account creation Moderate
CVE-2024-45399 was published for indico (pip) Sep 4, 2024
HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering High
CVE-2024-43805 was published for jupyterlab (pip) Aug 29, 2024
jackfromeast ishmeals
RRosio krassowski
FastAPI Admin Cross-site Scripting vulnerability in the Config-Create function Moderate
CVE-2024-42818 was published for fastapi-admin (pip) Aug 26, 2024
FastAPI Admin cross-site scripting (XSS) vulnerability in the Create Product function Moderate
CVE-2024-42816 was published for fastapi-admin (pip) Aug 26, 2024
pretix Stored Cross-site Scripting vulnerability High
CVE-2024-8113 was published for pretix (pip) Aug 23, 2024
p-w
Apache Airflow Cross-site Scripting Vulnerability Moderate
CVE-2024-41937 was published for apache-airflow (pip) Aug 21, 2024
CKAN has Cross-site Scripting vector in the Datatables view plugin Moderate
CVE-2024-41675 was published for ckan (pip) Aug 21, 2024
gatiszeiris
Khoj Vulnerable to Stored Cross-site Scripting In Automate (Preview feature) Moderate
CVE-2024-43396 was published for khoj (pip) Aug 20, 2024
calligraf0
Open WebUI Stored Cross-Site Scripting Vulnerability Moderate
CVE-2024-6706 was published for open-webui (pip) Aug 8, 2024
Aim Stored Cross-site Scripting Vulnerability Moderate
CVE-2024-6578 was published for aim (pip) Jul 29, 2024
Twisted vulnerable to HTML injection in HTTP redirect body Moderate
CVE-2024-41810 was published for twisted (pip) Jul 29, 2024
v1ktor0t twm
Sentry vulnerable to stored Cross-Site Scripting (XSS) High
CVE-2024-41656 was published for sentry (pip) Jul 23, 2024
stsewd
Calibre-Web Cross Site Scripting (XSS) Moderate
CVE-2024-39123 was published for calibreweb (pip) Jul 19, 2024
Roundup Cross-site Scripting Vulnerability Moderate
CVE-2024-39124 was published for roundup (pip) Jul 17, 2024
Roundup Cross-site Scripting Vulnerability Moderate
CVE-2024-39126 was published for roundup (pip) Jul 17, 2024
Roundup Cross-site Scripting Vulnerability Moderate
CVE-2024-39125 was published for roundup (pip) Jul 17, 2024
ProTip! Advisories are also available from the GraphQL API