Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

119 advisories

Loading
Hugo does not escape some attributes in internal templates Moderate
CVE-2024-55601 was published for github.com/gohugoio/hugo (Go) Dec 9, 2024
jmooring
Vitess allows HTML injection in /debug/querylogz & /debug/env Moderate
CVE-2024-53257 was published for vitess.io/vitess (Go) Dec 3, 2024
quinox
Stored XSS using two files in usememos/memos Moderate
CVE-2023-0109 was published for github.com/usememos/memos (Go) Nov 15, 2024
Hashicorp Consul Cross-site Scripting vulnerability Moderate
CVE-2024-10086 was published for github.com/hashicorp/consul (Go) Oct 31, 2024
Alist reflected Cross-Site Scripting vulnerability Moderate
CVE-2024-47067 was published for github.com/alist-org/alist/v3 (Go) Oct 10, 2024
Gouniverse GoLang CMS vulnerable to Cross-site Scripting Moderate
CVE-2024-8572 was published for github.com/gouniverse/cms (Go) Sep 8, 2024
Casdoor has reflected XSS in QrCodePage.js (GHSL-2024-036) Moderate
CVE-2024-41658 was published for github.com/casdoor/casdoor (Go) Aug 22, 2024
gotortc Cross-site Scripting vulnerability Moderate
CVE-2024-29191 was published for github.com/AlexxIT/go2rtc (Go) Aug 5, 2024
gotortc Cross-site Scripting vulnerability Moderate
CVE-2024-29193 was published for github.com/AlexxIT/go2rtc (Go) Aug 5, 2024
memos vulnerable to Server-Side Request Forgery and Cross-site Scripting Moderate
CVE-2024-29029 was published for github.com/usememos/memos (Go) Aug 5, 2024
ZITADEL has improper HTML sanitization in emails and Console UI Moderate
CVE-2024-41953 was published for github.com/zitadel/zitadel (Go) Jul 31, 2024
livio-a
Denial of service via malicious preflight requests in github.com/rs/cors Moderate
GHSA-mh55-gqvf-xfwm was published for github.com/rs/cors (Go) Jul 5, 2024
Grafana Spoofing originalUrl of snapshots Moderate
CVE-2022-39324 was published for github.com/grafana/grafana (Go) May 14, 2024
r3kumar
Grafana Stored Cross-site Scripting in Unified Alerting Moderate
CVE-2022-31097 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana proxy Cross-site Scripting Moderate
CVE-2022-21702 was published for github.com/grafana/grafana (Go) May 14, 2024
Hugo Markdown titles do not escaped in internal render hooks Moderate
CVE-2024-32875 was published for github.com/gohugoio/hugo (Go) Apr 23, 2024
ejona86
Apache Answer: XSS vulnerability when changing personal website Moderate
CVE-2024-29217 was published for github.com/apache/incubator-answer (Go) Apr 21, 2024
tiagorlampert CHAOS vulnerable to Cross Site Scripting Moderate
CVE-2024-31839 was published for github.com/tiagorlampert/CHAOS (Go) Apr 12, 2024
Temporal UI Server cross-site scripting vulnerability Moderate
CVE-2024-2435 was published for github.com/temporalio/ui-server/v2 (Go) Apr 2, 2024
CA17 TeamsACS Cross Site Scripting vulnerability Moderate
CVE-2024-22780 was published for github.com/ca17/teamsacs (Go) Apr 2, 2024
Apache Answer Cross-site Scripting vulnerability Moderate
CVE-2024-23349 was published for github.com/apache/incubator-answer (Go) Feb 22, 2024
Cross-site Scripting in github.com/greenpau/caddy-security Moderate
CVE-2024-21496 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
caddy-security plugin for Caddy vulnerable to reflected Cross-site Scripting Moderate
CVE-2023-52430 was published for github.com/greenpau/caddy-security (Go) Feb 13, 2024
Grafana Cross-site Scripting (XSS) Moderate
CVE-2018-12099 was published for github.com/grafana/grafana (Go) Jan 31, 2024
Grafana XSS via adding a link in General feature Moderate
CVE-2018-18625 was published for github.com/grafana/grafana (Go) Jan 30, 2024
ProTip! Advisories are also available from the GraphQL API