Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

537 advisories

Loading
Cross-site Scripting in cesium Moderate
CVE-2023-48094 was published for cesium (npm) Nov 14, 2023 withdrawn
juburr
Bootbox.js Cross Site Scripting vulnerability Moderate
CVE-2023-46998 was published for bootbox (npm) Nov 14, 2023
NASA Open MCT Cross Site Scripting vulnerability Moderate
CVE-2023-45885 was published for openmct (npm) Nov 9, 2023
MarkLee131
TinyMCE XSS vulnerability in notificationManager.open API Moderate
CVE-2023-45819 was published for TinyMCE (Composer) Oct 19, 2023
philipsinnott
TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin Moderate
CVE-2023-45818 was published for TinyMCE (Composer) Oct 19, 2023
masatokinugawa
quill-mention Cross-site Scripting vulnerability Moderate
CVE-2023-26149 was published for quill-mention (npm) Sep 28, 2023
Jodit Editor vulnerable to cross-site scripting Moderate
CVE-2023-42399 was published for jodit (npm) Sep 19, 2023
Improper Neutralization of Script in Attributes in @dcl/single-sign-on-client High
CVE-2023-41049 was published for @dcl/single-sign-on-client (npm) Sep 4, 2023
@webiny/react-rich-text-renderer vulnerable to insecure rendering of rich text content Moderate
CVE-2023-41167 was published for @webiny/react-rich-text-renderer (npm) Aug 24, 2023
@excalidraw/excalidraw Cross-site Scripting vulnerability Moderate
CVE-2023-26140 was published for @excalidraw/excalidraw (npm) Aug 16, 2023
Duplicate Advisory: @excalidraw/excalidraw Cross-site Scripting vulnerability Moderate
GHSA-fr9g-2m2h-c27j was published for @excalidraw/excalidraw (npm) Aug 16, 2023 withdrawn
external-svg-loader Cross-site Scripting vulnerability Critical
CVE-2023-40013 was published for external-svg-loader (npm) Aug 14, 2023
r00tdaemon
Svelecte item names vulnerable to execution of arbitrary JavaScript Moderate
CVE-2023-38687 was published for svelecte (npm) Aug 14, 2023
FeldrinH
Critters Cross-site Scripting Vulnerability Moderate
CVE-2023-3481 was published for critters (npm) Aug 11, 2023
Margox Braft-Editor Cross-site Scripting Vulnerability Moderate
CVE-2021-27524 was published for braft-editor (npm) Aug 11, 2023
Angular critical CSS inlining Cross-site Scripting Vulnerability Advisory High
GHSA-r3hf-q8q7-fv2p was published for @nguniversal/common (npm) Aug 9, 2023
matrix-react-sdk vulnerable to XSS in Export Chat feature Moderate
CVE-2023-37259 was published for matrix-react-sdk (npm) Jul 18, 2023
layui vulnerable to cross-site scripting Moderate
CVE-2023-3691 was published for layui (npm) Jul 16, 2023
CleverTap Cordova plugin vulnerable to Cross-site Scripting Critical
CVE-2023-2507 was published for clevertap-cordova (npm) Jul 15, 2023
webmention.js Cross-site Scripting vulnerability High
CVE-2023-3672 was published for webmention.js (npm) Jul 14, 2023
tarteaucitron.js vulnerable to Cross-site Scripting Moderate
CVE-2023-3620 was published for tarteaucitronjs (npm) Jul 11, 2023
ckeditor-wordcount-plugin vulnerable to Cross-site Scripting in Source Mode of Editor Moderate
CVE-2023-37905 was published for ckeditor-wordcount-plugin (npm) Jul 10, 2023
sypets ohader
@vendure/admin-ui-plugin authenticated Cross-site Scripting vulnerability Moderate
GHSA-gm68-572p-q28r was published for @vendure/admin-ui-plugin (npm) Jul 6, 2023
Yaniv-git
angular-ui-notification Cross-site Scripting vulnerability Moderate
CVE-2023-34840 was published for angular-ui-notification (npm) Jun 30, 2023
Joplin Cross-site Scripting vulnerability Moderate
CVE-2023-37299 was published for joplin (npm) Jun 30, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database