GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+
12 advisories
Filter by severity
Argo CD's external URLs for Deployments can include JavaScript
Critical
CVE-2022-31035
was published
for
github.com/argoproj/argo-cd
(Go)
Jun 21, 2022
Gogs vulnerable to Cross-site Scripting
Critical
CVE-2022-32174
was published
for
gogs.io/gogs
(Go)
Oct 11, 2022
usememos/memos vulnerable to Cross-site Scripting
Critical
CVE-2022-4866
was published
for
github.com/usememos/memos
(Go)
Dec 31, 2022
usememos/memos Cross-site Scripting vulnerability
Critical
CVE-2022-4865
was published
for
github.com/usememos/memos
(Go)
Dec 31, 2022
Cross-site scripting vulnerability found in answerdev/answer
Critical
CVE-2023-0740
was published
for
github.com/answerdev/answer
(Go)
Feb 8, 2023
Answer contains Cross-site Scripting vulnerability
Critical
CVE-2023-0742
was published
for
github.com/answerdev/answer
(Go)
Feb 8, 2023
Answer subject to Cross-site Scripting vulnerability
Critical
CVE-2023-0743
was published
for
github.com/answerdev/answer
(Go)
Feb 8, 2023
Answer has Cross-site Scripting vulnerability
Critical
CVE-2023-0741
was published
for
github.com/answerdev/answer
(Go)
Feb 8, 2023
Django Template Engine Vulnerable to XSS
Critical
CVE-2024-22199
was published
for
github.com/gofiber/template/django/v3
(Go)
Jan 11, 2024
Cross-site scripting on application summary component
Critical
CVE-2024-28175
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 15, 2024
Gitea Cross-site Scripting Vulnerability
Critical
CVE-2024-6886
was published
for
code.gitea.io/gitea
(Go)
Aug 6, 2024
Osmedeus Web Server Vulnerable to Stored XSS, Leading to RCE
Critical
CVE-2024-51735
was published
for
github.com/j3ssie/osmedeus
(Go)
Nov 5, 2024
ProTip!
Advisories are also available from the
GraphQL API