GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

548 advisories

Margox Braft-Editor Cross-site Scripting Vulnerability Moderate
CVE-2021-27524 was published for braft-editor (npm) Aug 11, 2023
Angular critical CSS inlining Cross-site Scripting Vulnerability Advisory High
GHSA-r3hf-q8q7-fv2p was published for @nguniversal/common (npm) Aug 9, 2023
matrix-react-sdk vulnerable to XSS in Export Chat feature Moderate
CVE-2023-37259 was published for matrix-react-sdk (npm) Jul 18, 2023
layui vulnerable to cross-site scripting Moderate
CVE-2023-3691 was published for layui (npm) Jul 16, 2023
CleverTap Cordova plugin vulnerable to Cross-site Scripting Critical
CVE-2023-2507 was published for clevertap-cordova (npm) Jul 15, 2023
webmention.js Cross-site Scripting vulnerability High
CVE-2023-3672 was published for webmention.js (npm) Jul 14, 2023
tarteaucitron.js vulnerable to Cross-site Scripting Moderate
CVE-2023-3620 was published for tarteaucitronjs (npm) Jul 11, 2023
ckeditor-wordcount-plugin vulnerable to Cross-site Scripting in Source Mode of Editor Moderate
CVE-2023-37905 was published for ckeditor-wordcount-plugin (npm) Jul 10, 2023
sypets ohader
@vendure/admin-ui-plugin authenticated Cross-site Scripting vulnerability Moderate
GHSA-gm68-572p-q28r was published for @vendure/admin-ui-plugin (npm) Jul 6, 2023
Yaniv-git
angular-ui-notification Cross-site Scripting vulnerability Moderate
CVE-2023-34840 was published for angular-ui-notification (npm) Jun 30, 2023
Joplin Cross-site Scripting vulnerability Moderate
CVE-2023-37299 was published for joplin (npm) Jun 30, 2023
Joplin Cross-site Scripting vulnerability Moderate
CVE-2023-37298 was published for joplin (npm) Jun 30, 2023
Duplicate Advisory: jQuery Cross Site Scripting vulnerability Moderate
CVE-2020-23064 was published for jQuery (RubyGems) Jun 26, 2023 withdrawn
eoftedal
@udecode/plate-link does not sanitize URLs to prevent use of the `javascript:` scheme High
CVE-2023-34245 was published for @udecode/plate-link (npm) Jun 9, 2023
OliverWales
Potential for cross-site scripting in PostHog-js Moderate
CVE-2023-32325 was published for posthog-js (npm) May 22, 2023
Cross-site scripting in TotalJS Moderate
CVE-2023-30094 was published for total4 (npm) May 4, 2023
editor.md vulnerable to Cross-site Scripting Moderate
CVE-2023-29641 was published for editor.md (npm) May 1, 2023
HTML injection in search results via plaintext message highlighting High
CVE-2023-30609 was published for matrix-react-sdk (npm) Apr 25, 2023
Nunjucks autoescape bypass leads to cross site scripting Moderate
CVE-2023-2142 was published for nunjucks (npm) Apr 20, 2023
blaiddx64
eslint-detailed-reporter vulnerable to cross-site scripting Low
CVE-2022-4942 was published for eslint-detailed-reporter (npm) Apr 20, 2023
markdown-pdf vulnerable to local file read via server side cross-site scripting (XSS) High
CVE-2023-0835 was published for markdown-pdf (npm) Apr 5, 2023
Pandao Editor.md vulnerable to cross-site scripting (XSS) in editor parameter Moderate
CVE-2020-19698 was published for editor.md (npm) Apr 4, 2023
Pandao Editor.md vulnerable to cross-site scripting (XSS) in iframe src parameter Moderate
CVE-2020-19697 was published for editor.md (npm) Apr 4, 2023
directus vulnerable to HTML Injection in Password Reset email to custom Reset URL High
CVE-2023-27474 was published for directus (npm) Mar 7, 2023
tofran
Vega Expression Language `scale` expression function Cross Site Scripting Moderate
CVE-2023-26486 was published for vega (npm) Mar 2, 2023
ajxchapman