GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
537 advisories
Cross-site Scripting in cesium
Moderate • CVE-2023-48094 was published for cesium (npm) • Nov 14, 2023 • withdrawn

Bootbox.js Cross Site Scripting vulnerability
Moderate • CVE-2023-46998 was published for bootbox (npm) • Nov 14, 2023

NASA Open MCT Cross Site Scripting vulnerability
Moderate • CVE-2023-45885 was published for openmct (npm) • Nov 9, 2023

TinyMCE XSS vulnerability in notificationManager.open API
Moderate • CVE-2023-45819 was published for TinyMCE (Composer) • Oct 19, 2023

TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin
Moderate • CVE-2023-45818 was published for TinyMCE (Composer) • Oct 19, 2023

quill-mention Cross-site Scripting vulnerability
Moderate • CVE-2023-26149 was published for quill-mention (npm) • Sep 28, 2023

Jodit Editor vulnerable to cross-site scripting
Moderate • CVE-2023-42399 was published for jodit (npm) • Sep 19, 2023

Improper Neutralization of Script in Attributes in @dcl/single-sign-on-client
High • CVE-2023-41049 was published for @dcl/single-sign-on-client (npm) • Sep 4, 2023

@webiny/react-rich-text-renderer vulnerable to insecure rendering of rich text content
Moderate • CVE-2023-41167 was published for @webiny/react-rich-text-renderer (npm) • Aug 24, 2023

@excalidraw/excalidraw Cross-site Scripting vulnerability
Moderate • CVE-2023-26140 was published for @excalidraw/excalidraw (npm) • Aug 16, 2023

Duplicate Advisory: @excalidraw/excalidraw Cross-site Scripting vulnerability
Moderate • GHSA-fr9g-2m2h-c27j was published for @excalidraw/excalidraw (npm) • Aug 16, 2023 • withdrawn

external-svg-loader Cross-site Scripting vulnerability
Critical • CVE-2023-40013 was published for external-svg-loader (npm) • Aug 14, 2023

Svelecte item names vulnerable to execution of arbitrary JavaScript
Moderate • CVE-2023-38687 was published for svelecte (npm) • Aug 14, 2023

Critters Cross-site Scripting Vulnerability
Moderate • CVE-2023-3481 was published for critters (npm) • Aug 11, 2023

Margox Braft-Editor Cross-site Scripting Vulnerability
Moderate • CVE-2021-27524 was published for braft-editor (npm) • Aug 11, 2023

Angular critical CSS inlining Cross-site Scripting Vulnerability Advisory
High • GHSA-r3hf-q8q7-fv2p was published for @nguniversal/common (npm) • Aug 9, 2023

matrix-react-sdk vulnerable to XSS in Export Chat feature
Moderate • CVE-2023-37259 was published for matrix-react-sdk (npm) • Jul 18, 2023

layui vulnerable to cross-site scripting
Moderate • CVE-2023-3691 was published for layui (npm) • Jul 16, 2023

CleverTap Cordova plugin vulnerable to Cross-site Scripting
Critical • CVE-2023-2507 was published for clevertap-cordova (npm) • Jul 15, 2023

webmention.js Cross-site Scripting vulnerability
High • CVE-2023-3672 was published for webmention.js (npm) • Jul 14, 2023

tarteaucitron.js vulnerable to Cross-site Scripting
Moderate • CVE-2023-3620 was published for tarteaucitronjs (npm) • Jul 11, 2023

ckeditor-wordcount-plugin vulnerable to Cross-site Scripting in Source Mode of Editor
Moderate • CVE-2023-37905 was published for ckeditor-wordcount-plugin (npm) • Jul 10, 2023

@vendure/admin-ui-plugin authenticated Cross-site Scripting vulnerability
Moderate • GHSA-gm68-572p-q28r was published for @vendure/admin-ui-plugin (npm) • Jul 6, 2023

angular-ui-notification Cross-site Scripting vulnerability
Moderate • CVE-2023-34840 was published for angular-ui-notification (npm) • Jun 30, 2023

Joplin Cross-site Scripting vulnerability
Moderate • CVE-2023-37299 was published for joplin (npm) • Jun 30, 2023

ProTip! Advisories are also available from the GraphQL API.