Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

203 advisories

Loading
XWiki Platform vulnerable to reflected cross-site scripting via delattachment action High
CVE-2023-35157 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 22, 2023
XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters Critical
CVE-2023-35153 was published for org.xwiki.platform:xwiki-platform-appwithinminutes-ui (Maven) Jun 20, 2023
renniepak
LeafKit allows XSS with untrusted user input Moderate
CVE-2021-37634 was published for github.com/vapor/leaf-kit (Swift) Jun 9, 2023
alextrob
go package pydio cells vulnerable to cross-site scripting Moderate
CVE-2023-2981 was published for github.com/pydio/cells (Go) May 30, 2023
Craft CMS stored XSS in indexedVolumes Moderate
CVE-2023-33197 was published for craftcms/cms (Composer) May 26, 2023
WhiteBearVN
Craft CMS stored XSS in review volume Moderate
CVE-2023-33196 was published for craftcms/cms (Composer) May 26, 2023
WhiteBearVN
CraftCMS stored XSS in Quick Post widget error message Low
CVE-2023-33194 was published for craftcms/cms (Composer) May 26, 2023
WhiteBearVN
Reflective Cross-Site-Scripting in Webconf in Tribe29 Checkmk Appliance before 1.6.4. Moderate Unreviewed
CVE-2023-22309 was published Apr 20, 2023
org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Basic Cross-site Scripting High
CVE-2023-29508 was published for org.xwiki.platform:xwiki-platform-livedata-macro (Maven) Apr 12, 2023
govuk_tech_docs vulnerable to unescaped HTML on search results page Low
CVE-2024-22048 was published for govuk_tech_docs (RubyGems) Apr 11, 2023
ChrisBAshton
teler-waf subject to Bypass of Common Web Attack Threat Rule with HTML Entities Payload Moderate
CVE-2023-26046 was published for github.com/kitabisa/teler-waf (Go) Mar 1, 2023
aidilarf
HTML Injection in Keycloak Admin REST API Moderate
CVE-2022-1274 was published for org.keycloak:keycloak-services (Maven) Mar 1, 2023
XBlock vulnerable to Cross-Site Scripting (XSS) High
CVE-2022-46147 was published for xblock-drag-and-drop-v2 (pip) Dec 2, 2022
Stored Cross-Site Scripting (XSS) in Keycloak via groups dropdown Moderate
GHSA-755v-r4x4-qf7m was published for org.keycloak:keycloak-core (Maven) Nov 29, 2022
jxn0
ProTip! Advisories are also available from the GraphQL API