Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

196 advisories

Loading
A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been... Low Unreviewed
CVE-2023-3017 was published May 31, 2023
go package pydio cells vulnerable to cross-site scripting Moderate
CVE-2023-2981 was published for github.com/pydio/cells (Go) May 30, 2023
Craft CMS stored XSS in indexedVolumes Moderate
CVE-2023-33197 was published for craftcms/cms (Composer) May 26, 2023
WhiteBearVN
Craft CMS stored XSS in review volume Moderate
CVE-2023-33196 was published for craftcms/cms (Composer) May 26, 2023
WhiteBearVN
CraftCMS stored XSS in Quick Post widget error message Low
CVE-2023-33194 was published for craftcms/cms (Composer) May 26, 2023
WhiteBearVN
Reflective Cross-Site-Scripting in Webconf in Tribe29 Checkmk Appliance before 1.6.4. Moderate Unreviewed
CVE-2023-22309 was published Apr 20, 2023
org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Basic Cross-site Scripting High
CVE-2023-29508 was published for org.xwiki.platform:xwiki-platform-livedata-macro (Maven) Apr 12, 2023
An improper neutralization of script-related HTML tags in a web page vulnerability [CWE-80] in... Moderate Unreviewed
CVE-2022-35850 was published Apr 11, 2023
govuk_tech_docs vulnerable to unescaped HTML on search results page Low
CVE-2024-22048 was published for govuk_tech_docs (RubyGems) Apr 11, 2023
ChrisBAshton
The SAP Application Interface (Message Monitoring) - versions 600, 700, allows an authorized... Moderate Unreviewed
CVE-2023-29112 was published Apr 11, 2023
The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101,... Moderate Unreviewed
CVE-2023-29110 was published Apr 11, 2023
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2023-1013 was published Mar 30, 2023
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2021-44197 was published Mar 7, 2023
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2021-44196 was published Mar 7, 2023
teler-waf subject to Bypass of Common Web Attack Threat Rule with HTML Entities Payload Moderate
CVE-2023-26046 was published for github.com/kitabisa/teler-waf (Go) Mar 1, 2023
aidilarf
HTML Injection in Keycloak Admin REST API Moderate
CVE-2022-1274 was published for org.keycloak:keycloak-services (Maven) Mar 1, 2023
A stored cross-site scripting vulnerability exists in the HdConfigActions.aspx altertextlanguages... Moderate Unreviewed
CVE-2022-28703 was published Dec 15, 2022
XBlock vulnerable to Cross-Site Scripting (XSS) High
CVE-2022-46147 was published for xblock-drag-and-drop-v2 (pip) Dec 2, 2022
Stored Cross-Site Scripting (XSS) in Keycloak via groups dropdown Moderate
GHSA-755v-r4x4-qf7m was published for org.keycloak:keycloak-core (Maven) Nov 29, 2022
jxn0
A vulnerability, which was classified as problematic, was found in Webmin. Affected is an unknown... Moderate Unreviewed
CVE-2022-3844 was published Nov 3, 2022
Twisted vulnerable to NameVirtualHost Host header injection Moderate
CVE-2022-39348 was published for twisted (pip) Oct 26, 2022
westonsteimel
XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list High
CVE-2022-36096 was published for org.xwiki.platform:xwiki-platform-index-ui (Maven) Sep 16, 2022
XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form High
CVE-2022-36097 was published for org.xwiki.platform:xwiki-platform-attachment-ui (Maven) Sep 16, 2022
XWiki Platform Web Parent POM vulnerable to XSS in the attachment history High
CVE-2022-36094 was published for org.xwiki.platform:xwiki-platform-web (Maven) Sep 16, 2022
HTML Injection in ActiveMQ Artemis Web Console Moderate
CVE-2022-35278 was published for org.apache.activemq:artemis-server (Maven) Aug 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database