GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
139 advisories
Filter by severity
Cross-site Scripting in Gogs
Moderate
CVE-2014-8683
was published
for
gogs.io/gogs
(Go)
Jun 29, 2021
Cross site scripting via cookies in gogs
Low
GHSA-pj96-4jhv-v792
was published
for
gogs.io/gogs
(Go)
Jun 2, 2022
Cross-site Scripting in Alist
Moderate
CVE-2022-26533
was published
for
github.com/Xhofe/alist
(Go)
Mar 13, 2022
Cross-site Scripting in Gogs
Moderate
CVE-2022-1464
was published
for
gogs.io/gogs
(Go)
May 24, 2022
mm-wiki is vulnerable to Cross-Site Scripting (XSS)
Moderate
CVE-2021-40289
was published
for
github.com/phachon/mm-wiki
(Go)
Nov 10, 2022
Cross-site Scripting vulnerability in repository issue list in Gogs
Moderate
CVE-2022-31038
was published
for
gogs.io/gogs
(Go)
Jun 8, 2022
Dutchoders transfer.sh contains an XSS vulnerability via malicious file upload
Moderate
CVE-2022-40931
was published
for
github.com/dutchcoders/transfer.sh
(Go)
Sep 30, 2022
ouqiang gocron Cross-site scripting vulnerability
Moderate
CVE-2022-40365
was published
for
github.com/ouqiang/gocron
(Go)
Sep 15, 2022
usememos/memos vulnerable to stored Cross-site Scripting
Moderate
CVE-2023-0110
was published
for
github.com/usememos/memos
(Go)
Jan 7, 2023
usememos/memos vulnerable to stored Cross-site Scripting
Moderate
CVE-2023-0111
was published
for
github.com/usememos/memos
(Go)
Jan 7, 2023
usememos/memos vulnerable to stored Cross-site Scripting
Moderate
CVE-2023-0112
was published
for
github.com/usememos/memos
(Go)
Jan 7, 2023
usememos/memos vulnerable to stored Cross-site Scripting
Moderate
CVE-2023-0106
was published
for
github.com/usememos/memos
(Go)
Jan 7, 2023
usememos/memos vulnerable to stored Cross-site Scripting
Moderate
CVE-2023-0107
was published
for
github.com/usememos/memos
(Go)
Jan 7, 2023
usememos/memos vulnerable to stored Cross-site Scripting
Moderate
CVE-2023-0108
was published
for
github.com/usememos/memos
(Go)
Jan 7, 2023
gotify/server vulnerable to Cross-site Scripting in the application image file upload
Moderate
CVE-2022-46181
was published
for
github.com/gotify/server
(Go)
Dec 30, 2022
Stored Cross-site Scripting in gitea
Moderate
CVE-2022-1928
was published
for
code.gitea.io/gitea
(Go)
May 30, 2022
Woodpecker allows cross-site scripting (XSS) via build logs
Moderate
CVE-2022-29947
was published
for
github.com/woodpecker-ci/woodpecker
(Go)
Apr 30, 2022
Alist Cross-site Scripting vulnerability
Moderate
CVE-2022-45970
was published
for
github.com/alist-org/alist/v3
(Go)
Dec 12, 2022
teler dashboard vulnerable to DOM-based cross-site scripting (XSS)
Low
CVE-2022-23466
was published
for
teler.app
(Go)
Dec 6, 2022
SFTPGo WebClient vulnerable to Cross-site Scripting
Moderate
CVE-2022-39220
was published
for
github.com/drakkan/sftpgo
(Go)
Sep 20, 2022
Memos Cross-site Scripting vulnerability
Moderate
CVE-2022-4609
was published
for
github.com/usememos/memos
(Go)
Dec 19, 2022
Cross-site scripting in Dutchcoders transfer.sh
Moderate
CVE-2021-33496
was published
for
github.com/dutchcoders/transfer.sh
(Go)
Jun 29, 2021
Cross-site Scripting in Gitea
Moderate
CVE-2021-28378
was published
for
code.gitea.io/gitea
(Go)
Sep 27, 2021
Unsafe inline XSS in pasting DOM element into chat
High
CVE-2021-39183
was published
for
github.com/owncast/owncast
(Go)
Dec 14, 2021
usememos/memos vulnerable to stored Cross-site Scripting
Moderate
CVE-2022-4695
was published
for
github.com/usememos/memos
(Go)
Dec 27, 2022
ProTip!
Advisories are also available from the
GraphQL API