GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories, by ecosystem: All reviewed 5,000+; Composer 4,963; Erlang 39; GitHub Actions 38; Go 2,614; Maven 5,000+; npm 4,254; NuGet 760; pip 4,031; Pub 12; RubyGems 953; Rust 1,049; Swift 45.
Unreviewed advisories: All unreviewed 5,000+.
            147 advisories
decidim-meetings Cross-site scripting vulnerability in the online or hybrid meeting embeds
  Moderate | CVE-2024-45594 | decidim-meetings (RubyGems) | published Nov 13, 2024

camaleon_cms affected by cross site scripting
  Moderate | CVE-2024-48652 | camaleon_cms (RubyGems) | published Oct 23, 2024

OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`)
  Moderate | CVE-2024-43795 | @openc3/tool-common (RubyGems) | published Oct 2, 2024

Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
  Moderate | GHSA-75j2-9gmc-m855 | camaleon_cms (RubyGems) | published Sep 25, 2024

Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
  Moderate | GHSA-8fx8-3rg2-79xw | camaleon_cms (RubyGems) | published Sep 23, 2024

Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
  Moderate | GHSA-r9cr-qmfw-pmrc | camaleon_cms (RubyGems) | published Sep 18, 2024

Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin panel with QuillJS WYSWYG editor
  Moderate | CVE-2024-39910 | decidim (RubyGems) | published Sep 16, 2024

Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin activity log
  Moderate | CVE-2024-32034 | decidim-admin (RubyGems) | published Sep 16, 2024

Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability
  Moderate | CVE-2024-6531 | bootstrap (RubyGems) | published Jul 11, 2024 | withdrawn

Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability
  Moderate | CVE-2024-6484 | bootstrap (RubyGems) | published Jul 11, 2024 | withdrawn

Decidim cross-site scripting (XSS) in the admin panel
  Moderate | CVE-2024-27095 | decidim-admin (RubyGems) | published Jul 10, 2024

Decidim cross-site scripting (XSS) in the pagination
  Moderate | CVE-2024-32469 | decidim (RubyGems) | published Jul 10, 2024

RailsAdmin Cross-site Scripting vulnerability in the list view
  Moderate | CVE-2024-39308 | rails_admin (RubyGems) | published Jul 8, 2024

ActionText ContentAttachment can Contain Unsanitized HTML
  Moderate | CVE-2024-32464 | actiontext (RubyGems) | published Jun 4, 2024

Trix Editor Arbitrary Code Execution Vulnerability
  Moderate | CVE-2024-34341 | actiontext (RubyGems) | published May 7, 2024

Sidekiq vulnerable to a Reflected XSS in Queues Web Page
  Moderate | CVE-2024-32887 | sidekiq (RubyGems) | published Apr 26, 2024

CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained
  Moderate | CVE-2024-29034 | carrierwave (RubyGems) | published Mar 25, 2024

Cross Site Scripting vulnerability in Contribsys Sidekiq
  Moderate | CVE-2023-46950 | sidekiq-unique-jobs (RubyGems) | published Mar 1, 2024

YARD's default template vulnerable to Cross-site Scripting in generated frames.html
  Moderate | CVE-2024-27285 | yard (RubyGems) | published Feb 28, 2024

Rails has possible XSS Vulnerability in Action Controller
  Moderate | CVE-2024-26143 | actionpack (RubyGems) | published Feb 27, 2024

Cross-site scripting (XSS) in the dynamic file uploads
  Moderate | CVE-2023-51447 | decidim (RubyGems) | published Feb 20, 2024

Cross-site scripting (XSS) in Action messages on Avo
  Moderate | CVE-2024-22411 | avo (RubyGems) | published Jan 17, 2024

view_component Cross-site Scripting vulnerability
  Moderate | CVE-2024-21636 | view_component (RubyGems) | published Jan 4, 2024

Resque vulnerable to Reflected Cross Site Scripting through pathnames
  Moderate | CVE-2023-50724 | resque (RubyGems) | published Dec 18, 2023

Resque vulnerable to reflected XSS in resque-web failed and queues lists
  Moderate | CVE-2023-50725 | resque (RubyGems) | published Dec 18, 2023
ProTip! Advisories are also available from the GraphQL API.
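The listing above is a filtered view of the same data the GraphQL API exposes through its securityVulnerabilities connection. The script below is an added example, not tooling from GitHub or from any of the projects listed: it builds the query for Moderate RubyGems advisories, flattens the response into package / vulnerable range / first patched version / identifiers, and matches those ranges against the gems pinned in a Gemfile.lock using Gem::Requirement, which parses GitHub's comma-separated range strings directly. Package names, summaries and the CVE/GHSA identifiers in the embedded sample come from the listing above; the version ranges, patched versions, timestamps, the "GHSA-xxxx-xxxx-xxxx" placeholder and the Gemfile.lock fragment are constructed for the example and are not the advisories' real data. A live run needs a GitHub token in GITHUB_TOKEN (an assumption of this example).

```ruby
require "json"
require "net/http"
require "uri"
require "rubygems"

# GraphQL query against GitHub's securityVulnerabilities connection, filtered
# like the listing above (RubyGems ecosystem, Moderate severity). $cursor pages
# through results 100 at a time, which matters when there are 147 of them.
VULNS_QUERY = <<~GRAPHQL
  query($cursor: String) {
    securityVulnerabilities(first: 100, after: $cursor,
                            ecosystem: RUBYGEMS, severities: [MODERATE]) {
      pageInfo { hasNextPage endCursor }
      nodes {
        package { name }
        vulnerableVersionRange
        firstPatchedVersion { identifier }
        advisory { ghsaId summary publishedAt identifiers { type value } }
      }
    }
  }
GRAPHQL

# Fetches one page from the live API (needs a token; not exercised offline).
def query_github(token, cursor = nil)
  uri = URI("https://api.github.com/graphql")
  req = Net::HTTP::Post.new(uri, "Authorization" => "bearer #{token}",
                                 "Content-Type" => "application/json")
  req.body = JSON.generate(query: VULNS_QUERY, variables: { cursor: cursor })
  res = Net::HTTP.start(uri.host, uri.port, use_ssl: true) { |h| h.request(req) }
  raise "GraphQL request failed: HTTP #{res.code}" unless res.is_a?(Net::HTTPSuccess)
  JSON.parse(res.body)
end

# Flattens a response body into one hash per (package, vulnerable range).
def parse_vulnerabilities(body)
  body.fetch("data").fetch("securityVulnerabilities").fetch("nodes").map do |n|
    adv = n.fetch("advisory")
    cve = adv.fetch("identifiers").find { |i| i["type"] == "CVE" }
    { package:   n.dig("package", "name"),
      range:     n["vulnerableVersionRange"],
      patched:   n.dig("firstPatchedVersion", "identifier"),
      ghsa:      adv["ghsaId"],
      cve:       cve && cve["value"],
      summary:   adv["summary"],
      published: adv["publishedAt"] }
  end
end

# GitHub ranges read "< 7.2.4" or ">= 7.0.0, < 7.2.4"; Gem::Requirement
# understands exactly that comma-separated operator form.
def vulnerable?(version, range)
  Gem::Requirement.new(range.split(",").map(&:strip))
                  .satisfied_by?(Gem::Version.new(version))
end

# Reads the "    name (version)" lines of a Gemfile.lock specs section
# (four-space indent; six-space dependency lines are skipped).
def parse_lockfile(text)
  text.scan(/^    ([^\s(]+) \(([^)\s]+)\)$/).to_h
end

# Lists locked gems whose pinned version falls inside a vulnerable range.
def affected_gems(vulns, locked)
  vulns.select { |v| locked.key?(v[:package]) && vulnerable?(locked[v[:package]], v[:range]) }
       .map { |v| "#{v[:package]} #{locked[v[:package]]}: #{v[:cve] || v[:ghsa]} " \
                  "(#{v[:summary]}), fixed in #{v[:patched]}" }
end

# Constructed sample response in the API's shape. Names, summaries and the
# CVE/GHSA ids are from the listing; ranges, patched versions, timestamps and
# the GHSA-xxxx-xxxx-xxxx placeholder are made up and NOT the real data.
SAMPLE_RESPONSE = {
  "data" => { "securityVulnerabilities" => {
    "pageInfo" => { "hasNextPage" => false, "endCursor" => nil },
    "nodes" => [
      { "package" => { "name" => "sidekiq" },
        "vulnerableVersionRange" => ">= 7.0.0, < 7.2.4",
        "firstPatchedVersion" => { "identifier" => "7.2.4" },
        "advisory" => { "ghsaId" => "GHSA-xxxx-xxxx-xxxx",
                        "summary" => "Sidekiq vulnerable to a Reflected XSS in Queues Web Page",
                        "publishedAt" => "2024-04-26T00:00:00Z",
                        "identifiers" => [{ "type" => "CVE", "value" => "CVE-2024-32887" }] } },
      { "package" => { "name" => "camaleon_cms" },
        "vulnerableVersionRange" => "< 2.8.0",
        "firstPatchedVersion" => { "identifier" => "2.8.0" },
        "advisory" => { "ghsaId" => "GHSA-75j2-9gmc-m855",
                        "summary" => "Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)",
                        "publishedAt" => "2024-09-25T00:00:00Z",
                        "identifiers" => [{ "type" => "GHSA", "value" => "GHSA-75j2-9gmc-m855" }] } }
    ] } }
}

# Constructed Gemfile.lock fragment (versions chosen to hit the sample ranges).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      camaleon_cms (2.7.5)
      rack (3.0.9)
      sidekiq (7.2.3)
        concurrent-ruby (< 2)
LOCK

if $PROGRAM_NAME == __FILE__
  # Live use: body = query_github(ENV.fetch("GITHUB_TOKEN")); loop on pageInfo.
  puts affected_gems(parse_vulnerabilities(SAMPLE_RESPONSE), parse_lockfile(SAMPLE_LOCKFILE))
end
```

Against the sample data the script reports sidekiq 7.2.3 and camaleon_cms 2.7.5 as affected and says nothing about rack. For a real scan, page through the connection until hasNextPage is false before matching, otherwise advisories beyond the first 100 are silently missed; and treat a node with no firstPatchedVersion as "no fix yet" rather than as safe.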