Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

407 advisories

Loading
kiwitcms vulnerable to stored cross-site scripting via unrestricted file upload High
CVE-2023-33977 was published for kiwitcms (pip) Jun 6, 2023
mnqazi
avo vulnerable to Stored XSS (Cross Site Scripting) in html content based fields High
CVE-2023-34103 was published for avo (RubyGems) Jun 6, 2023
FLX-0x00 Mys7ic
TeamPass vulnerable to stored Cross-site Scripting High
CVE-2023-3084 was published for nilsteampassnet/teampass (Composer) Jun 3, 2023
TeamPass vulnerable to stored Cross-site Scripting High
CVE-2023-3083 was published for nilsteampassnet/teampass (Composer) Jun 3, 2023
TestComplete support Plugin vulnerable to stored Cross-site Scripting High
CVE-2023-33002 was published for org.jenkins-ci.plugins:TestComplete (Maven) May 16, 2023
Jenkins LoadComplete support Plugin Cross-site Scripting vulnerability High
CVE-2023-33007 was published for org.jenkins-ci.plugins:loadcomplete (Maven) May 16, 2023
Jenkins Pipeline: Job Plugin vulnerable to stored Cross-site Scripting High
CVE-2023-32977 was published for org.jenkins-ci.plugins.workflow:workflow-job (Maven) May 16, 2023
teampass vulnerable to code injection High
CVE-2023-2591 was published for nilsteampassnet/teampass (Composer) May 9, 2023
Cross Site Scripting in thorsten/phpmyfaq High
CVE-2023-2550 was published for thorsten/phpmyfaq (Composer) May 5, 2023
Cross Site Scripting in OpenTSDB High
CVE-2023-25827 was published for net.opentsdb:opentsdb (Maven) May 3, 2023
WWBN/AVideo stored XSS vulnerability leads to takeover of any user's account, including admin's account High
CVE-2023-30860 was published for wwbn/avideo (Composer) May 1, 2023
gonzxph
Cross site scripting (XSS) in wwbn/avideo High
GHSA-2fch-hv74-fgw9 was published for wwbn/avideo (Composer) Apr 26, 2023
gonzxph
HTML injection in search results via plaintext message highlighting High
CVE-2023-30609 was published for matrix-react-sdk (npm) Apr 25, 2023
Possible XSS injection through Validate::isCleanHTML method High
CVE-2023-30838 was published for prestashop/prestashop (Composer) Apr 25, 2023
touchweb-vincent
sidekiq vulnerable to cross-site scripting High
CVE-2023-1892 was published for sidekiq (RubyGems) Apr 21, 2023
aripollak
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Pay High
CVE-2023-30614 was published for pay (RubyGems) Apr 20, 2023
p- excid3
Apache Sling Engine vulnerable to cross-site scripting (XSS) that can lead to privilege escalation High
CVE-2022-45064 was published for org.apache.sling:org.apache.sling.engine (Maven) Apr 13, 2023
Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro High
CVE-2023-29207 was published for org.xwiki.platform:xwiki-platform-flamingo (Maven) Apr 12, 2023
org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Basic Cross-site Scripting High
CVE-2023-29508 was published for org.xwiki.platform:xwiki-platform-livedata-macro (Maven) Apr 12, 2023
Jenkins Quay.io trigger Plugin Cross-site Scripting vulnerability High
CVE-2023-30520 was published for org.jenkins-ci.plugins:quayio-trigger (Maven) Apr 12, 2023
thorsten/phpmyfaq vulnerable to DOM cross-site scripting (XSS) via configuration privacy note URL parameter High
CVE-2023-1882 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via adminlog High
CVE-2023-1878 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via FAQ News link parameter High
CVE-2023-1757 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via artlang parameter High
CVE-2023-1880 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) in FAQ comment username parameter High
CVE-2023-1758 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database