Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,985
Erlang
29
GitHub Actions
16
Go
1,774
Maven
5,000
npm
3,541
NuGet
617
pip
3,123
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+

26,660 advisories

Loading
SAP Business Warehouse - Business Planning and Simulation application does not sufficiently... Moderate Unreviewed
CVE-2024-39594 was published Jul 9, 2024
SAP Business Warehouse - Business Planning and Simulation application does not sufficiently... Moderate Unreviewed
CVE-2024-39595 was published Jul 9, 2024
Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker... Moderate Unreviewed
CVE-2024-37173 was published Jul 9, 2024
Custom CSS support option in SAP CRM WebClient UI does not sufficiently encode user-controlled... Moderate Unreviewed
CVE-2024-37174 was published Jul 9, 2024
Due to weak encoding of user-controlled input in SAP NetWeaver Knowledge Management XMLEditor... Moderate Unreviewed
CVE-2024-34685 was published Jul 9, 2024
A cross-site scripting (XSS) vulnerability in the Backend Theme Management module of Z-BlogPHP v1... Moderate Unreviewed
CVE-2024-39203 was published Jul 8, 2024
RailsAdmin Cross-site Scripting vulnerability in the list view Moderate
CVE-2024-39308 was published for rails_admin (RubyGems) Jul 8, 2024
mshibuya
Apache NiFi vulnerable to Cross-site Scripting Moderate
CVE-2024-37389 was published for org.apache.nifi:nifi-web-ui (Maven) Jul 8, 2024
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20... Moderate Unreviewed
CVE-2024-37528 was published Jul 8, 2024
A vulnerability classified as problematic has been found in heyewei SpringBootCMS up to 2024-05... Moderate Unreviewed
CVE-2024-6539 was published Jul 8, 2024
Cross-site Scripting (XSS) - Stored in GitHub repository stitionai/devika prior to -. High Unreviewed
CVE-2024-5711 was published Jul 8, 2024
A stored cross-site scripting (XSS) vulnerability exists in the 'Upload Knowledge' feature of... Moderate Unreviewed
CVE-2024-6229 was published Jul 7, 2024
An issue was discovered in the Foreground skin for MediaWiki through 1.42.1. There is stored XSS... Moderate Unreviewed
CVE-2024-40605 was published Jul 7, 2024
An issue was discovered in the Tempo skin for MediaWiki through 1.42.1. There is stored XSS via... Moderate Unreviewed
CVE-2024-40602 was published Jul 7, 2024
An issue was discovered in the Metrolook skin for MediaWiki through 1.42.1. There is stored XSS... Moderate Unreviewed
CVE-2024-40600 was published Jul 7, 2024
An issue was discovered in the Nimbus skin for MediaWiki through 1.42.1. There is Stored XSS via... Moderate Unreviewed
CVE-2024-40604 was published Jul 7, 2024
An issue was discovered in the GuMaxDD skin for MediaWiki through 1.42.1. There is stored XSS via... Moderate Unreviewed
CVE-2024-40599 was published Jul 7, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2024-37553 was published Jul 6, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2024-37554 was published Jul 6, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2024-37541 was published Jul 6, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2024-37546 was published Jul 6, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')... Moderate Unreviewed
CVE-2024-37539 was published Jul 6, 2024
Denial of service via malicious preflight requests in github.com/rs/cors Moderate
GHSA-mh55-gqvf-xfwm was published for github.com/rs/cors (Go) Jul 5, 2024
A cross-site scripting (XSS) vulnerability in the Publish Article function of yzmcms v7.1 allows... Moderate Unreviewed
CVE-2024-39174 was published Jul 5, 2024
Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting (XSS) via src/electron-main.ts. Critical Unreviewed
CVE-2024-23997 was published Jul 5, 2024
ProTip! Advisories are also available from the GraphQL API