Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,968
Erlang
39
GitHub Actions
38
Go
2,616
Maven
5,000+
npm
4,255
NuGet
760
pip
4,040
Pub
12
RubyGems
953
Rust
1,050
Swift
45
Unreviewed advisories
All unreviewed
5,000+

38,129 advisories

Loading
Flowise Cross-site Scripting in /api/v1/public-chatflows/id Moderate
CVE-2024-36423 was published for flowise (npm) Aug 5, 2024
Flowise Cross-site Scripting in/api/v1/credentials/id Moderate
CVE-2024-37146 was published for flowise (npm) Aug 5, 2024
Flowise Cross-site Scripting in api/v1/chatflows/id Moderate
CVE-2024-36422 was published for flowise (npm) Aug 5, 2024
gotortc Cross-site Scripting vulnerability Moderate
CVE-2024-29193 was published for github.com/AlexxIT/go2rtc (Go) Aug 5, 2024
gotortc Cross-site Scripting vulnerability Moderate
CVE-2024-29191 was published for github.com/AlexxIT/go2rtc (Go) Aug 5, 2024
memos vulnerable to Server-Side Request Forgery and Cross-site Scripting Moderate
CVE-2024-29029 was published for github.com/usememos/memos (Go) Aug 5, 2024
NextChat has full-read SSRF and XSS vulnerability in /api/cors endpoint Critical
CVE-2023-49785 was published for nextchat (npm) Aug 5, 2024
nvn1729
Credited to nvn1729
Scrypted Cross-site Scripting vulnerability Moderate
CVE-2023-47620 was published for @scrypted/server (npm) Aug 5, 2024
Scrypted Cross-site Scripting vulnerability Moderate
CVE-2023-47623 was published for @scrypted/core (npm) Aug 5, 2024
Editor.js vulnerable to Code Injection Moderate
CVE-2022-23474 was published for @editorjs/editorjs (npm) Aug 5, 2024
nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSR Moderate
CVE-2024-34343 was published for nuxt (npm) Aug 5, 2024
OhB00
Credited to OhB00
Microweber Cross Site Scripting (XSS) vulnerability Moderate
CVE-2024-41381 was published for microweber/microweber (Composer) Aug 5, 2024
Microweber Cross Site Scripting (XSS) vulnerability Moderate
CVE-2024-41380 was published for microweber/microweber (Composer) Aug 5, 2024
The Chatbot for WordPress by Collect.chat ⚡️ WordPress plugin before 2.4.4 does not sanitise and... Moderate Unreviewed
CVE-2024-6498 was published Aug 5, 2024
The Community Events WordPress plugin before 1.5.1 does not sanitise and escape some of its... Moderate Unreviewed
CVE-2024-6270 was published Aug 5, 2024
The Pinpoint Booking System WordPress plugin before 2.9.9.4.8 does not sanitise and escape some... Moderate Unreviewed
CVE-2024-3636 was published Aug 5, 2024
The Ditty WordPress plugin before 3.1.45 does not sanitise and escape some parameters, which... Moderate Unreviewed
CVE-2024-6710 was published Aug 5, 2024
A vulnerability has been found in PMWeb 7.2.00 and classified as problematic. Affected by this... Moderate Unreviewed
CVE-2024-7466 was published Aug 5, 2024
A vulnerability was found in FastAdmin 1.5.0.20240328. It has been declared as problematic. This... Moderate Unreviewed
CVE-2024-7453 was published Aug 4, 2024
The Zephyr Project Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via... Moderate Unreviewed
CVE-2024-7356 was published Aug 3, 2024
The Quiz and Survey Master (QSM) WordPress plugin before 9.1.0 does not properly sanitise and... Moderate Unreviewed
CVE-2024-6390 was published Aug 3, 2024
Reposilite artifacts vulnerable to Stored Cross-site Scripting High
CVE-2024-36115 was published for com.reposilite:reposilite-backend (Maven) Aug 2, 2024
artsploit
Credited to artsploit
Feripro <= v2.2.3 is vulnerable to Cross Site Scripting (XSS) via "/admin/programm/<program_id>... Moderate Unreviewed
CVE-2024-41519 was published Aug 2, 2024
Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are... Moderate Unreviewed
CVE-2024-33893 was published Aug 2, 2024
Ai3 QbiBot does not properly filter user input, allowing unauthenticated remote attackers to... Moderate Unreviewed
CVE-2024-7204 was published Aug 2, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database