GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,170
Erlang: 30
GitHub Actions: 19
Go: 1,981
Maven: 5,000+
npm: 3,700
NuGet: 656
pip: 3,319
Pub: 11
RubyGems: 882
Rust: 834
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
140 advisories
Cross-site Scripting in Mingsoft MCMS
Low • CVE-2023-3990 was published for net.mingsoft:ms-mcms (Maven) • Jul 28, 2023

RuoYi vulnerable to Cross-site Scripting
Low • CVE-2023-3815 was published for com.ruoyi:ruoyi (Maven) • Jul 21, 2023

Winter CMS stored XSS through privileged upload of SVG file
Low • CVE-2023-37269 was published for wintercms/winter (Composer) • Jul 7, 2023

Spina Cross-site Scripting vulnerability
Low • CVE-2023-3445 was published for spina (RubyGems) • Jun 28, 2023

CraftCMS stored XSS in Quick Post widget error message
Low • CVE-2023-33194 was published for craftcms/cms (Composer) • May 26, 2023

Stored cross site scripting in RSS displayer
Low • CVE-2023-28820 was published for concrete5/concrete5 (Composer) • Apr 28, 2023

Concrete CMS (previously concrete5) is vulnerable to stored XSS in uploaded file and folder names
Low • CVE-2023-28819 was published for concrete5/concrete5 (Composer) • Apr 28, 2023

eslint-detailed-reporter vulnerable to cross-site scripting
Low • CVE-2022-4942 was published for eslint-detailed-reporter (npm) • Apr 20, 2023

AzuraCast/AzuraCast vulnerable to cross-site scripting
Low • CVE-2023-2191 was published for azuracast/azuracast (Composer) • Apr 20, 2023

govuk_tech_docs vulnerable to unescaped HTML on search results page
Low • CVE-2024-22048 was published for govuk_tech_docs (RubyGems) • Apr 11, 2023

teler dashboard vulnerable to DOM-based cross-site scripting (XSS)
Low • CVE-2022-23466 was published for teler.app (Go) • Dec 6, 2022

Cross-site Scripting in actionpack
Low • CVE-2022-3704 was published for actionpack (RubyGems) • Oct 27, 2022 • withdrawn

Argo CD SSO users vulnerable to Cross-site Scripting
Low • CVE-2022-31102 was published for github.com/argoproj/argo-cd (Go) • Jul 12, 2022

Cross site scripting in Concrete CMS
Low • CVE-2022-30120 was published for concrete5/core (Composer) • Jun 25, 2022

Cross site scripting via cookies in gogs
Low • GHSA-pj96-4jhv-v792 was published for gogs.io/gogs (Go) • Jun 2, 2022

Cabot Cross Site Scripting (XSS) vulnerability via Endpoint column
Low • CVE-2020-7734 was published for cabot (pip) • May 24, 2022

Cross-site Scripting in RabbitMQ
Low • CVE-2019-11291 was published for rabbit_common (Erlang) • May 24, 2022

Drupal cross-site scripting vulnerability via actions feature and trigger module
Low • CVE-2010-3094 was published for drupal/drupal (Composer) • May 17, 2022

Cross-site Scripting in Apache Struts
Low • CVE-2011-1772 was published for org.apache.struts:struts2-core (Maven) • May 17, 2022

phpMyAdmin Multiple XSS Vulnerabilities
Low • CVE-2012-4579 was published for phpmyadmin/phpmyadmin (Composer) • May 17, 2022

Typo3 Backend XSS Vulnerabilities
Low • CVE-2012-1606 was published for typo3/cms (Composer) • May 17, 2022

phpMyAdmin multiple cross-site scripting vulnerabilities
Low • CVE-2012-5339 was published for phpmyadmin/phpmyadmin (Composer) • May 17, 2022

phpMyAdmin Multiple Cross-site Scripting Vulnerabilities in the Database Structure page
Low • CVE-2012-4345 was published for phpmyadmin/phpmyadmin (Composer) • May 17, 2022

phpMyAdmin Multiple XSS Vulnerabilities After Inline Editing and Save
Low • CVE-2011-3591 was published for phpmyadmin/phpmyadmin (Composer) • May 17, 2022

phpMyAdmin Multiple XSS Vulnerabilities
Low • CVE-2011-3592 was published for phpmyadmin/phpmyadmin (Composer) • May 17, 2022
ProTip! Advisories are also available from the GraphQL API