GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
25,961 advisories
ID numbers displayed in the lesson overview report required additional sanitizing to prevent a... (Severity: Unknown, Unreviewed): CVE-2024-34000 was published on May 31, 2024
Additional sanitizing was required when opening the equation editor to prevent a stored XSS risk... (Severity: Unknown, Unreviewed): CVE-2024-33997 was published on May 31, 2024
Insufficient escaping of participants' names in the participants page table resulted in a stored... (Severity: Unknown, Unreviewed): CVE-2024-33998 was published on May 31, 2024
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This... (Severity: Moderate, Unreviewed): CVE-2024-31907 was published on May 31, 2024
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to stored cross-site scripting. This... (Severity: Moderate, Unreviewed): CVE-2024-31908 was published on May 31, 2024
IBM Planning Analytics Local 2.0 and 2.1 is vulnerable to cross-site scripting. This... (Severity: Moderate, Unreviewed): CVE-2024-31889 was published on May 31, 2024
TYPO3 Cross-Site Scripting vulnerability in typolinks (Severity: Moderate): GHSA-75mx-chcf-2q32 was published for typo3/cms (Composer) on May 30, 2024
TYPO3 Cross-Site Scripting Vulnerability Exploitable by Editors (Severity: Moderate): GHSA-wp8j-c736-c5r3 was published for typo3/cms (Composer) on May 30, 2024
ExtJS JavaScript framework used in TYPO3 vulnerable to Cross-site Scripting (Severity: Moderate): GHSA-mxjf-hc9v-xgv2 was published for typo3/cms (Composer) on May 30, 2024
OpenCMS Cross-Site Scripting vulnerability (Severity: Moderate): CVE-2024-5520 was published for org.opencms:opencms-core (Maven) on May 30, 2024
TYPO3 Cross-Site Scripting in Filelist Module (Severity: Moderate): GHSA-6xwf-7rfm-4gwc was published for typo3/cms-core (Composer) on May 30, 2024
TYPO3 Cross-Site Scripting in Link Handling (Severity: Moderate): GHSA-4ppr-jw47-9qm5 was published for typo3/cms-core (Composer) on May 30, 2024
TYPO3 Cross-Site Scripting in Form Framework validation handling (Severity: Moderate): GHSA-95qm-3xp7-vfj5 was published for typo3/cms-core (Composer) on May 30, 2024
TYPO3 Arbitrary Code Execution and Cross-Site Scripting in Backend API (Severity: High): GHSA-x428-565f-8xj2 was published for typo3/cms-core (Composer) on May 30, 2024
TYPO3 Cross-Site Scripting in Form Framework (Severity: Moderate): GHSA-4459-qrcc-vfcf was published for typo3/cms-core (Composer) on May 30, 2024
TYPO3 Cross-Site Scripting in Language Pack Handling (Severity: Moderate): GHSA-76r3-m635-p3vc was published for typo3/cms-core (Composer) on May 30, 2024
TYPO3 Cross-Site Scripting in Fluid ViewHelpers (Severity: Moderate): GHSA-22q7-cg4r-p9mx was published for typo3/cms-core (Composer) on May 30, 2024
TYPO3 Cross-Site Scripting in Frontend User Login (Severity: Moderate): GHSA-8c25-vj2w-p72j was published for typo3/cms-core (Composer) on May 30, 2024
TYPO3 Cross-Site Scripting in Backend Modal Component (Severity: Moderate): GHSA-g4c9-qfvw-fmr4 was published for typo3/cms-core (Composer) on May 30, 2024
TYPO3 Cross-Site Scripting in Online Media Asset Rendering (Severity: Moderate): GHSA-wg8h-gxf4-g4gh was published for typo3/cms-core (Composer) on May 30, 2024
Thelia BackOffice default template vulnerable to Cross-site Scripting (Severity: Moderate): GHSA-pp7v-wxx9-hm6r was published for thelia/backoffice-default-template (Composer) on May 30, 2024
Thelia Cross-site Scripting vulnerability in BackOffice (Severity: Moderate): GHSA-vq4j-qcx7-ppc6 was published for thelia/thelia (Composer) on May 30, 2024
symbiote/silverstripe-multivaluefield Possible PHP Object Injection via Multi-Value Field Extension (Severity: Moderate): GHSA-g5vj-wj9x-4jg9 was published for symbiote/silverstripe-multivaluefield (Composer) on May 29, 2024
ScnSocialAuth Cross-site Scripting vulnerability in login redirect param (Severity: Moderate): GHSA-g6f5-4w43-2x63 was published for socalnick/scn-social-auth (Composer) on May 29, 2024
ansibleguy-webui Cross-site Scripting vulnerability (Severity: High): CVE-2024-36110 was published for ansibleguy-webui (pip) on May 28, 2024
ProTip! Advisories are also available from the GraphQL API.