GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,985
Erlang: 29
GitHub Actions: 16
Go: 1,774
Maven: 5,000
npm: 3,541
NuGet: 617
pip: 3,123
Pub: 10
RubyGems: 838
Rust: 790
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
26,660 advisories
SAP Business Warehouse - Business Planning and Simulation application does not sufficiently...
Moderate
Unreviewed
CVE-2024-39594
was published
Jul 9, 2024
SAP Business Warehouse - Business Planning and Simulation application does not sufficiently...
Moderate
Unreviewed
CVE-2024-39595
was published
Jul 9, 2024
Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker...
Moderate
Unreviewed
CVE-2024-37173
was published
Jul 9, 2024
Custom CSS support option in SAP CRM WebClient UI does not sufficiently encode user-controlled...
Moderate
Unreviewed
CVE-2024-37174
was published
Jul 9, 2024
Due to weak encoding of user-controlled input in SAP NetWeaver Knowledge Management XMLEditor...
Moderate
Unreviewed
CVE-2024-34685
was published
Jul 9, 2024
A cross-site scripting (XSS) vulnerability in the Backend Theme Management module of Z-BlogPHP v1...
Moderate
Unreviewed
CVE-2024-39203
was published
Jul 8, 2024
RailsAdmin Cross-site Scripting vulnerability in the list view
Moderate
CVE-2024-39308
was published
for
rails_admin
(RubyGems)
Jul 8, 2024
Apache NiFi vulnerable to Cross-site Scripting
Moderate
CVE-2024-37389
was published
for
org.apache.nifi:nifi-web-ui
(Maven)
Jul 8, 2024
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20...
Moderate
Unreviewed
CVE-2024-37528
was published
Jul 8, 2024
A vulnerability classified as problematic has been found in heyewei SpringBootCMS up to 2024-05...
Moderate
Unreviewed
CVE-2024-6539
was published
Jul 8, 2024
Cross-site Scripting (XSS) - Stored in GitHub repository stitionai/devika prior to -.
High
Unreviewed
CVE-2024-5711
was published
Jul 8, 2024
A stored cross-site scripting (XSS) vulnerability exists in the 'Upload Knowledge' feature of...
Moderate
Unreviewed
CVE-2024-6229
was published
Jul 7, 2024
An issue was discovered in the Foreground skin for MediaWiki through 1.42.1. There is stored XSS...
Moderate
Unreviewed
CVE-2024-40605
was published
Jul 7, 2024
An issue was discovered in the Tempo skin for MediaWiki through 1.42.1. There is stored XSS via...
Moderate
Unreviewed
CVE-2024-40602
was published
Jul 7, 2024
An issue was discovered in the Metrolook skin for MediaWiki through 1.42.1. There is stored XSS...
Moderate
Unreviewed
CVE-2024-40600
was published
Jul 7, 2024
An issue was discovered in the Nimbus skin for MediaWiki through 1.42.1. There is Stored XSS via...
Moderate
Unreviewed
CVE-2024-40604
was published
Jul 7, 2024
An issue was discovered in the GuMaxDD skin for MediaWiki through 1.42.1. There is stored XSS via...
Moderate
Unreviewed
CVE-2024-40599
was published
Jul 7, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-37553
was published
Jul 6, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-37554
was published
Jul 6, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-37541
was published
Jul 6, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-37546
was published
Jul 6, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
Moderate
Unreviewed
CVE-2024-37539
was published
Jul 6, 2024
Denial of service via malicious preflight requests in github.com/rs/cors
Moderate
GHSA-mh55-gqvf-xfwm
was published
for
github.com/rs/cors
(Go)
Jul 5, 2024
A cross-site scripting (XSS) vulnerability in the Publish Article function of yzmcms v7.1 allows...
Moderate
Unreviewed
CVE-2024-39174
was published
Jul 5, 2024
Lukas Bach yana =<1.0.16 is vulnerable to Cross Site Scripting (XSS) via src/electron-main.ts.
Critical
Unreviewed
CVE-2024-23997
was published
Jul 5, 2024
ProTip! Advisories are also available from the GraphQL API.