GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,035
Maven
5,000+
npm
3,732
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
38 advisories
Filter by severity
XBlock vulnerable to Cross-Site Scripting (XSS)
High
CVE-2022-46147
was published
for
xblock-drag-and-drop-v2
(pip)
Dec 2, 2022
Cross-site Scripting potential in custom links, job buttons, and computed fields
High
CVE-2023-48705
was published
for
nautobot
(pip)
Nov 22, 2023
Cross-site Scripting Vulnerability on Avatar Upload
High
CVE-2023-47115
was published
for
label-studio
(pip)
Jan 24, 2024
HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through
High
CVE-2024-52595
was published
for
lxml-html-clean
(pip)
Nov 19, 2024
Cross Site Scripting vulnerability in wsgidav when directory browsing is enabled
High
CVE-2022-41905
was published
for
wsgidav
(pip)
Nov 16, 2022
Wagtail vulnerable to stored Cross-site Scripting attack via ModelAdmin views
High
CVE-2023-28836
was published
for
wagtail
(pip)
Apr 3, 2023
Improper validation of URLs ('Cross-site Scripting') in Wagtail rich text fields
High
CVE-2021-29434
was published
for
wagtail
(pip)
Apr 20, 2021
Viewing wget extractor output while logged in as an admin allows archived JS to execute in the admins context
High
CVE-2023-45815
was published
for
archivebox
(pip)
Oct 19, 2023
pretix Stored Cross-site Scripting vulnerability
High
CVE-2024-8113
was published
for
pretix
(pip)
Aug 23, 2024
Special Element Injection in notebook
High
CVE-2021-32798
was published
for
notebook
(pip)
Aug 23, 2021
modoboa Cross-site Scripting vulnerability
High
CVE-2023-5689
was published
for
modoboa
(pip)
Oct 20, 2023
Denial of service attack via incorrect parameters in Matrix Synapse
High
CVE-2020-26257
was published
for
matrix-synapse
(pip)
Dec 9, 2020
Cross-site Scripting in django-helpdesk
High
CVE-2021-3945
was published
for
django-helpdesk
(pip)
Nov 15, 2021
Cross-site Scripting in django-helpdesk
High
CVE-2021-3950
was published
for
django-helpdesk
(pip)
Nov 23, 2021
django-helpdesk is vulnerable to Cross-site Scripting
High
CVE-2021-3994
was published
for
django-helpdesk
(pip)
Dec 3, 2021
Duplicate Advisory: Reflected cross-site scripting issue in Datasette
High
GHSA-gff3-739c-gxfq
was published
for
datasette
(pip)
Jun 10, 2021
•
withdrawn
HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering
High
CVE-2024-43805
was published
for
jupyterlab
(pip)
Aug 29, 2024
MLFlow Cross-site Scripting vulnerability leads to client-side Remote Code Execution
High
CVE-2024-27133
was published
for
mlflow
(pip)
Feb 24, 2024
Sentry vulnerable to stored Cross-Site Scripting (XSS)
High
CVE-2024-41656
was published
for
sentry
(pip)
Jul 23, 2024
pgAdmin Cross-site Scripting vulnerability in /settings/store API response json payload
High
CVE-2024-4216
was published
for
pgAdmin4
(pip)
May 2, 2024
ansibleguy-webui Cross-site Scripting vulnerability
High
CVE-2024-36110
was published
for
ansibleguy-webui
(pip)
May 28, 2024
ProTip!
Advisories are also available from the
GraphQL API