GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

139 advisories

Vitess allows HTML injection in /debug/querylogz & /debug/env Moderate
CVE-2024-53257 was published for vitess.io/vitess (Go) Dec 3, 2024
quinox
Apache Answer Cross-site Scripting vulnerability Moderate
CVE-2024-23349 was published for github.com/apache/incubator-answer (Go) Feb 22, 2024
Hugo does not escape some attributes in internal templates Moderate
CVE-2024-55601 was published for github.com/gohugoio/hugo (Go) Dec 9, 2024
jmooring
Stored XSS using two files in usememos/memos Moderate
CVE-2023-0109 was published for github.com/usememos/memos (Go) Nov 15, 2024
Grafana Stored Cross-site Scripting in Unified Alerting Moderate
CVE-2022-31097 was published for github.com/grafana/grafana (Go) May 14, 2024
Cross-site Scripting in github.com/greenpau/caddy-security Moderate
CVE-2024-21496 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
LocalAI Cross-site Scripting vulnerability Low
CVE-2024-48057 was published for github.com/mudler/LocalAI (Go) Nov 5, 2024
Osmedeus Web Server Vulnerable to Stored XSS, Leading to RCE Critical
CVE-2024-51735 was published for github.com/j3ssie/osmedeus (Go) Nov 5, 2024
n00b-bot
Hashicorp Consul Cross-site Scripting vulnerability Moderate
CVE-2024-10086 was published for github.com/hashicorp/consul (Go) Oct 31, 2024
caddy-security plugin for Caddy vulnerable to reflected Cross-site Scripting Moderate
CVE-2023-52430 was published for github.com/greenpau/caddy-security (Go) Feb 13, 2024
Alist reflected Cross-Site Scripting vulnerability Moderate
CVE-2024-47067 was published for github.com/alist-org/alist/v3 (Go) Oct 10, 2024
Gouniverse GoLang CMS vulnerable to Cross-site Scripting Moderate
CVE-2024-8572 was published for github.com/gouniverse/cms (Go) Sep 8, 2024
Rancher UI has multiple Cross-Site Scripting (XSS) issues Moderate
CVE-2022-43760 was published for github.com/rancher/rancher (Go) Jun 6, 2023
bybit-sec andrewpollock
Casdoor has reflected XSS in QrCodePage.js (GHSL-2024-036) Moderate
CVE-2024-41658 was published for github.com/casdoor/casdoor (Go) Aug 22, 2024
Argo CD's external URLs for Deployments can include JavaScript Critical
CVE-2022-31035 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022
DavidKorczynski AdamKorcz
Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd/v2 Moderate
CVE-2021-23347 was published for github.com/argoproj/argo-cd/v2 (Go) May 21, 2021
Gitea Cross-site Scripting Vulnerability Critical
CVE-2024-6886 was published for code.gitea.io/gitea (Go) Aug 6, 2024
ZITADEL has improper HTML sanitization in emails and Console UI Moderate
CVE-2024-41953 was published for github.com/zitadel/zitadel (Go) Jul 31, 2024
livio-a
Mattermost Cross-site Scripting vulnerability Low
CVE-2023-7113 was published for github.com/mattermost/mattermost/server/v8 (Go) Dec 29, 2023
Grafana Spoofing originalUrl of snapshots Moderate
CVE-2022-39324 was published for github.com/grafana/grafana (Go) May 14, 2024
r3kumar
Grafana XSS via a query alias for the ElasticSearch datasource Moderate
CVE-2020-24303 was published for github.com/grafana/grafana (Go) May 24, 2022
Grafana stored XSS Moderate
CVE-2020-11110 was published for github.com/grafana/grafana (Go) May 24, 2022
Grafana XSS via a column style Moderate
CVE-2018-18624 was published for github.com/grafana/grafana (Go) May 24, 2022
Grafana XSS via the OpenTSDB datasource Moderate
CVE-2020-13430 was published for github.com/grafana/grafana (Go) May 24, 2022
Grafana XSS in header column rename Moderate
CVE-2020-12245 was published for github.com/grafana/grafana (Go) May 24, 2022