Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
21
Go
2,094
Maven
5,000+
npm
3,759
NuGet
678
pip
3,445
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

73 advisories

Loading
Sulu HTML Injection via Autocomplete Suggestion Low
CVE-2024-24807 was published for sulu/sulu (Composer) Feb 5, 2024
phpMyFAQ vulnerable to stored XSS on attachments filename Moderate
CVE-2024-24574 was published for phpmyfaq/phpmyfaq (Composer) Feb 5, 2024
nikkoenggaliano
Statmic CMS vulnerable to account takeover via XSS and password reset link High
CVE-2024-24570 was published for statamic/cms (Composer) Feb 1, 2024
sec-consult
@apollo/experimental-nextjs-app-support Cross-site Scripting vulnerability High
CVE-2024-23841 was published for @apollo/experimental-nextjs-app-support (npm) Jan 30, 2024
phryneas IkeMurami
peakematt
XWiki Platform vulnerable to reflected cross-site scripting through revision parameter in content menu Critical
CVE-2023-46732 was published for org.xwiki.platform:xwiki-platform-flamingo-skin-resources (Maven) Nov 8, 2023
plone.restapi vulnerable to Stored Cross Site Scripting with SVG image in user portrait Low
GHSA-hc5c-r8m5-2gfh was published for plone.restapi (pip) Sep 21, 2023
plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images Low
CVE-2023-41048 was published for plone.namedfile (pip) Sep 21, 2023
msegoviag
Critters Cross-site Scripting Vulnerability Moderate
CVE-2023-3481 was published for critters (npm) Aug 11, 2023
matrix-react-sdk vulnerable to XSS in Export Chat feature Moderate
CVE-2023-37259 was published for matrix-react-sdk (npm) Jul 18, 2023
XWiki Platform vulnerable to reflected cross-site scripting via delattachment action High
CVE-2023-35157 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 22, 2023
XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters Critical
CVE-2023-35153 was published for org.xwiki.platform:xwiki-platform-appwithinminutes-ui (Maven) Jun 20, 2023
renniepak
LeafKit allows XSS with untrusted user input Moderate
CVE-2021-37634 was published for github.com/vapor/leaf-kit (Swift) Jun 9, 2023
alextrob
go package pydio cells vulnerable to cross-site scripting Moderate
CVE-2023-2981 was published for github.com/pydio/cells (Go) May 30, 2023
Craft CMS stored XSS in indexedVolumes Moderate
CVE-2023-33197 was published for craftcms/cms (Composer) May 26, 2023
WhiteBearVN
Craft CMS stored XSS in review volume Moderate
CVE-2023-33196 was published for craftcms/cms (Composer) May 26, 2023
WhiteBearVN
CraftCMS stored XSS in Quick Post widget error message Low
CVE-2023-33194 was published for craftcms/cms (Composer) May 26, 2023
WhiteBearVN
org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Basic Cross-site Scripting High
CVE-2023-29508 was published for org.xwiki.platform:xwiki-platform-livedata-macro (Maven) Apr 12, 2023
govuk_tech_docs vulnerable to unescaped HTML on search results page Low
CVE-2024-22048 was published for govuk_tech_docs (RubyGems) Apr 11, 2023
ChrisBAshton
teler-waf subject to Bypass of Common Web Attack Threat Rule with HTML Entities Payload Moderate
CVE-2023-26046 was published for github.com/kitabisa/teler-waf (Go) Mar 1, 2023
aidilarf
HTML Injection in Keycloak Admin REST API Moderate
CVE-2022-1274 was published for org.keycloak:keycloak-services (Maven) Mar 1, 2023
XBlock vulnerable to Cross-Site Scripting (XSS) High
CVE-2022-46147 was published for xblock-drag-and-drop-v2 (pip) Dec 2, 2022
Stored Cross-Site Scripting (XSS) in Keycloak via groups dropdown Moderate
GHSA-755v-r4x4-qf7m was published for org.keycloak:keycloak-core (Maven) Nov 29, 2022
jxn0
Twisted vulnerable to NameVirtualHost Host header injection Moderate
CVE-2022-39348 was published for twisted (pip) Oct 26, 2022
westonsteimel
XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list High
CVE-2022-36096 was published for org.xwiki.platform:xwiki-platform-index-ui (Maven) Sep 16, 2022
XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form High
CVE-2022-36097 was published for org.xwiki.platform:xwiki-platform-attachment-ui (Maven) Sep 16, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database