GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
139 advisories
Filter by severity
Vitess allows HTML injection in /debug/querylogz & /debug/env
Moderate
CVE-2024-53257
was published
for
vitess.io/vitess
(Go)
Dec 3, 2024
Apache Answer Cross-site Scripting vulnerability
Moderate
CVE-2024-23349
was published
for
github.com/apache/incubator-answer
(Go)
Feb 22, 2024
Hugo does not escape some attributes in internal templates
Moderate
CVE-2024-55601
was published
for
github.com/gohugoio/hugo
(Go)
Dec 9, 2024
Stored XSS using two files in usememos/memos
Moderate
CVE-2023-0109
was published
for
github.com/usememos/memos
(Go)
Nov 15, 2024
Grafana Stored Cross-site Scripting in Unified Alerting
Moderate
CVE-2022-31097
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Cross-site Scripting in github.com/greenpau/caddy-security
Moderate
CVE-2024-21496
was published
for
github.com/greenpau/caddy-security
(Go)
Feb 17, 2024
LocalAI Cross-site Scripting vulnerability
Low
CVE-2024-48057
was published
for
github.com/mudler/LocalAI
(Go)
Nov 5, 2024
Osmedeus Web Server Vulnerable to Stored XSS, Leading to RCE
Critical
CVE-2024-51735
was published
for
github.com/j3ssie/osmedeus
(Go)
Nov 5, 2024
Hashicorp Consul Cross-site Scripting vulnerability
Moderate
CVE-2024-10086
was published
for
github.com/hashicorp/consul
(Go)
Oct 31, 2024
caddy-security plugin for Caddy vulnerable to reflected Cross-site Scripting
Moderate
CVE-2023-52430
was published
for
github.com/greenpau/caddy-security
(Go)
Feb 13, 2024
Alist reflected Cross-Site Scripting vulnerability
Moderate
CVE-2024-47067
was published
for
github.com/alist-org/alist/v3
(Go)
Oct 10, 2024
Gouniverse GoLang CMS vulnerable to Cross-site Scripting
Moderate
CVE-2024-8572
was published
for
github.com/gouniverse/cms
(Go)
Sep 8, 2024
Rancher UI has multiple Cross-Site Scripting (XSS) issues
Moderate
CVE-2022-43760
was published
for
github.com/rancher/rancher
(Go)
Jun 6, 2023
Casdoor has reflected XSS in QrCodePage.js (GHSL-2024-036)
Moderate
CVE-2024-41658
was published
for
github.com/casdoor/casdoor
(Go)
Aug 22, 2024
Argo CD's external URLs for Deployments can include JavaScript
Critical
CVE-2022-31035
was published
for
github.com/argoproj/argo-cd
(Go)
Jun 21, 2022
Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd/v2
Moderate
CVE-2021-23347
was published
for
github.com/argoproj/argo-cd/v2
(Go)
May 21, 2021
Gitea Cross-site Scripting Vulnerability
Critical
CVE-2024-6886
was published
for
code.gitea.io/gitea
(Go)
Aug 6, 2024
ZITADEL has improper HTML sanitization in emails and Console UI
Moderate
CVE-2024-41953
was published
for
github.com/zitadel/zitadel
(Go)
Jul 31, 2024
Mattermost Cross-site Scripting vulnerability
Low
CVE-2023-7113
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Dec 29, 2023
Grafana Spoofing originalUrl of snapshots
Moderate
CVE-2022-39324
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana XSS via a query alias for the ElasticSearch datasource
Moderate
CVE-2020-24303
was published
for
github.com/grafana/grafana
(Go)
May 24, 2022
Grafana stored XSS
Moderate
CVE-2020-11110
was published
for
github.com/grafana/grafana
(Go)
May 24, 2022
Grafana XSS via a column style
Moderate
CVE-2018-18624
was published
for
github.com/grafana/grafana
(Go)
May 24, 2022
Grafana XSS via the OpenTSDB datasource
Moderate
CVE-2020-13430
was published
for
github.com/grafana/grafana
(Go)
May 24, 2022
Grafana XSS in header column rename
Moderate
CVE-2020-12245
was published
for
github.com/grafana/grafana
(Go)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API