GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

385 advisories

html injection vulnerability in the `tuitse_html` function. Moderate
CVE-2024-23341 was published for TuiTse-TsuSin (pip) Jan 22, 2024
JupyterLab vulnerable to SXSS in Markdown Preview Moderate
CVE-2024-22420 was published for jupyterlab (pip) Jan 19, 2024
readthedocs-sphinx-search vulnerable to cross-site scripting when including search results from malicious projects Moderate
GHSA-xgfm-fjx6-62mj was published for readthedocs-sphinx-search (pip) Jan 16, 2024
Credited to stsewd
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter Moderate
CVE-2024-22195 was published for jinja2 (pip) Jan 11, 2024
Credited to CalumHutton
Apache Airflow has a stored cross-site scripting vulnerability Moderate
CVE-2023-47265 was published for apache-airflow (pip) Dec 21, 2023
Maloja error page XSS vulnerability Moderate
GHSA-4h72-34j6-j8x7 was published for malojaserver (pip) Dec 18, 2023
Credited to NULLYUKI
Cross-site Scripting (XSS) in MLflow Moderate
CVE-2023-6568 was published for mlflow (pip) Dec 7, 2023
Reflected XSS Vulnerability in dpaste Moderate
CVE-2023-49277 was published for Dpaste (pip) Dec 1, 2023
Credited to brianferri
Apache Superset Cross-site Scripting vulnerability Moderate
CVE-2023-43701 was published for apache-superset (pip) Nov 27, 2023
Cross-site Scripting potential in custom links, job buttons, and computed fields High
CVE-2023-48705 was published for nautobot (pip) Nov 22, 2023
Ethyca Fides HTML Injection Vulnerability in HTML-Formatted DSR Packages Moderate
CVE-2023-47114 was published for ethyca-fides (pip) Nov 8, 2023
Credited to RobertKeyser and h0wl
dtale vulnerable to Remote Code Execution through the Custom Filter Input Moderate
CVE-2023-46134 was published for dtale (pip) Oct 25, 2023
Credited to yadhukrishnam
Fides JavaScript Injection Vulnerability in Privacy Center URL Low
CVE-2023-46126 was published for ethyca-fides (pip) Oct 24, 2023
modoboa Cross-site Scripting vulnerability High
CVE-2023-5689 was published for modoboa (pip) Oct 20, 2023
modoboa Cross-site Scripting vulnerability Critical
CVE-2023-5688 was published for modoboa (pip) Oct 20, 2023
Credited to dataflake, drfho, icemac, and d-maurer
plone.restapi vulnerable to Stored Cross Site Scripting with SVG image in user portrait Low
GHSA-hc5c-r8m5-2gfh was published for plone.restapi (pip) Sep 21, 2023
plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images Low
CVE-2023-41048 was published for plone.namedfile (pip) Sep 21, 2023
Credited to msegoviag
Zope vulnerable to Stored Cross Site Scripting with SVG images Low
CVE-2023-42458 was published for Zope (pip) Sep 21, 2023
Credited to mauritsvanrees and icemac
cross-site inclusion (XSSI) of files in jupyter-server Moderate
CVE-2023-40170 was published for jupyter-server (pip) Aug 29, 2023
Scancode.io Reflected Cross-Site Scripting (XSS) in license endpoint Moderate
CVE-2023-40024 was published for scancodeio (pip) Aug 15, 2023
Credited to 0xmpij
wger Workout Manager Cross-site Scripting vulnerability Moderate
CVE-2023-38758 was published for wger (pip) Aug 8, 2023
copyparty vulnerable to reflected cross-site scripting via k304 parameter Moderate
CVE-2023-38501 was published for copyparty (pip) Jul 25, 2023
Credited to TheHackyDog
Indico vulnerable to Cross-Site-Scripting via confirmation prompts Moderate
CVE-2023-37901 was published for indico (pip) Jul 21, 2023
Credited to ThiefMaster