GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
104,560 advisories
Filter by severity
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2023-52193
was published
Feb 1, 2024
Payment EX Ver1.1.5b and earlier allows a remote unauthenticated attacker to obtain the...
Moderate
Unreviewed
CVE-2024-24548
was published
Feb 1, 2024
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate
Unreviewed
CVE-2023-7069
was published
Feb 1, 2024
Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and...
Moderate
Unreviewed
CVE-2024-23941
was published
Feb 1, 2024
In Zscaler Internet Access (ZIA) a mismatch between Connect Host and Client Hello's Server Name...
Moderate
Unreviewed
CVE-2023-28807
was published
Jan 31, 2024
A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. This affects...
Moderate
Unreviewed
CVE-2024-1113
was published
Jan 31, 2024
A vulnerability has been found in openBI up to 1.0.8 and classified as critical. This...
Moderate
Unreviewed
CVE-2024-1114
was published
Jan 31, 2024
A vulnerability, which was classified as problematic, has been found in SourceCodester QR Code...
Moderate
Unreviewed
CVE-2024-1111
was published
Jan 31, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-22146
was published
Jan 31, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-22150
was published
Jan 31, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-22158
was published
Jan 31, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-22153
was published
Jan 31, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-22297
was published
Jan 31, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-22295
was published
Jan 31, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-22292
was published
Jan 31, 2024
An attacker could potentially exploit this vulnerability, leading to files being read from the...
Moderate
Unreviewed
CVE-2023-5390
was published
Jan 31, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-22161
was published
Jan 31, 2024
Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue with an unauthenticated user and...
Moderate
Unreviewed
CVE-2023-50166
was published
Jan 31, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-22306
was published
Jan 31, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-22310
was published
Jan 31, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-22302
was published
Jan 31, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-23502
was published
Jan 31, 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-23505
was published
Jan 31, 2024
A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as...
Moderate
Unreviewed
CVE-2023-5992
was published
Jan 31, 2024
An integer overflow was found in the __vsyslog_internal function of the glibc library. This...
Moderate
Unreviewed
CVE-2023-6780
was published
Jan 31, 2024
ProTip!
Advisories are also available from the
GraphQL API