GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
203 advisories
Filter by severity
Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device...
Moderate
Unreviewed
CVE-2023-24497
was published
Jul 6, 2023
Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device...
Moderate
Unreviewed
CVE-2023-24496
was published
Jul 6, 2023
XWiki Platform vulnerable to reflected cross-site scripting via delattachment action
High
CVE-2023-35157
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Jun 22, 2023
XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters
Critical
CVE-2023-35153
was published
for
org.xwiki.platform:xwiki-platform-appwithinminutes-ui
(Maven)
Jun 20, 2023
LeafKit allows XSS with untrusted user input
Moderate
CVE-2021-37634
was published
for
github.com/vapor/leaf-kit
(Swift)
Jun 9, 2023
The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and...
Moderate
Unreviewed
CVE-2019-25144
was published
Jun 7, 2023
A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been...
Low
Unreviewed
CVE-2023-3017
was published
May 31, 2023
go package pydio cells vulnerable to cross-site scripting
Moderate
CVE-2023-2981
was published
for
github.com/pydio/cells
(Go)
May 30, 2023
Craft CMS stored XSS in indexedVolumes
Moderate
CVE-2023-33197
was published
for
craftcms/cms
(Composer)
May 26, 2023
Craft CMS stored XSS in review volume
Moderate
CVE-2023-33196
was published
for
craftcms/cms
(Composer)
May 26, 2023
CraftCMS stored XSS in Quick Post widget error message
Low
CVE-2023-33194
was published
for
craftcms/cms
(Composer)
May 26, 2023
Reflective Cross-Site-Scripting in Webconf in Tribe29 Checkmk Appliance before 1.6.4.
Moderate
Unreviewed
CVE-2023-22309
was published
Apr 20, 2023
org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Basic Cross-site Scripting
High
CVE-2023-29508
was published
for
org.xwiki.platform:xwiki-platform-livedata-macro
(Maven)
Apr 12, 2023
An improper neutralization of script-related HTML tags in a web page vulnerability [CWE-80] in...
Moderate
Unreviewed
CVE-2022-35850
was published
Apr 11, 2023
govuk_tech_docs vulnerable to unescaped HTML on search results page
Low
CVE-2024-22048
was published
for
govuk_tech_docs
(RubyGems)
Apr 11, 2023
The SAP Application Interface (Message Monitoring) - versions 600, 700, allows an authorized...
Moderate
Unreviewed
CVE-2023-29112
was published
Apr 11, 2023
The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101,...
Moderate
Unreviewed
CVE-2023-29110
was published
Apr 11, 2023
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2023-1013
was published
Mar 30, 2023
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2021-44196
was published
Mar 7, 2023
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2021-44197
was published
Mar 7, 2023
teler-waf subject to Bypass of Common Web Attack Threat Rule with HTML Entities Payload
Moderate
CVE-2023-26046
was published
for
github.com/kitabisa/teler-waf
(Go)
Mar 1, 2023
HTML Injection in Keycloak Admin REST API
Moderate
CVE-2022-1274
was published
for
org.keycloak:keycloak-services
(Maven)
Mar 1, 2023
A stored cross-site scripting vulnerability exists in the HdConfigActions.aspx altertextlanguages...
Moderate
Unreviewed
CVE-2022-28703
was published
Dec 15, 2022
XBlock vulnerable to Cross-Site Scripting (XSS)
High
CVE-2022-46147
was published
for
xblock-drag-and-drop-v2
(pip)
Dec 2, 2022
Stored Cross-Site Scripting (XSS) in Keycloak via groups dropdown
Moderate
GHSA-755v-r4x4-qf7m
was published
for
org.keycloak:keycloak-core
(Maven)
Nov 29, 2022
ProTip!
Advisories are also available from the
GraphQL API