GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
11 advisories
Remote Code Execution on click of <a> Link in markdown preview
High
CVE-2024-49362
was published
for
joplin
(npm)
Nov 14, 2024
Gradio Blocked Path ACL Bypass Vulnerability
Critical
CVE-2025-23042
was published
for
gradio
(pip)
Jan 14, 2025
HTML injection in JupyterLite leading to DOM Clobbering
Moderate
GHSA-gj55-2xf9-67rq
was published
for
jupyterlite-core
(pip)
Sep 6, 2024
DOM Clobbering Gadget found in astro's client-side router that leads to XSS
Moderate
CVE-2024-47885
was published
for
astro
(npm)
Oct 14, 2024
DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS
High
CVE-2024-47068
was published
for
rollup
(npm)
Sep 23, 2024
Layui has DOM Clobbering gadgets that leads to Cross-site Scripting
Moderate
CVE-2024-47075
was published
for
layui
(npm)
Sep 26, 2024
Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS
Moderate
CVE-2024-45812
was published
for
vite
(npm)
Sep 17, 2024
DOM Clobbering Gadget found in Rspack's AutoPublicPathRuntimeModule that leads to XSS
Moderate
GHSA-84jw-g43v-8gjm
was published
for
@rspack/core
(npm)
Sep 19, 2024
DOM clobbering could escalate to Cross-site Scripting (XSS)
Moderate
CVE-2024-45389
was published
for
@pagefind/default-ui
(npm)
Sep 3, 2024
Webpack's AutoPublicPathRuntimeModule has a DOM Clobbering Gadget that leads to XSS
Moderate
CVE-2024-43788
was published
for
webpack
(npm)
Aug 27, 2024
HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering
High
CVE-2024-43805
was published
for
jupyterlab
(pip)
Aug 29, 2024
ProTip!
Advisories are also available from the
GraphQL API