Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,350
Erlang
31
GitHub Actions
22
Go
2,119
Maven
5,000+
npm
3,778
NuGet
680
pip
3,459
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

214 advisories

Loading
XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list High
CVE-2022-36096 was published for org.xwiki.platform:xwiki-platform-index-ui (Maven) Sep 16, 2022
Twisted vulnerable to NameVirtualHost Host header injection Moderate
CVE-2022-39348 was published for twisted (pip) Oct 26, 2022
westonsteimel
A vulnerability, which was classified as problematic, was found in Webmin. Affected is an unknown... Moderate Unreviewed
CVE-2022-3844 was published Nov 3, 2022
Stored Cross-Site Scripting (XSS) in Keycloak via groups dropdown Moderate
GHSA-755v-r4x4-qf7m was published for org.keycloak:keycloak-core (Maven) Nov 29, 2022
jxn0
XBlock vulnerable to Cross-Site Scripting (XSS) High
CVE-2022-46147 was published for xblock-drag-and-drop-v2 (pip) Dec 2, 2022
A stored cross-site scripting vulnerability exists in the HdConfigActions.aspx altertextlanguages... Moderate Unreviewed
CVE-2022-28703 was published Dec 15, 2022
HTML Injection in Keycloak Admin REST API Moderate
CVE-2022-1274 was published for org.keycloak:keycloak-services (Maven) Mar 1, 2023
teler-waf subject to Bypass of Common Web Attack Threat Rule with HTML Entities Payload Moderate
CVE-2023-26046 was published for github.com/kitabisa/teler-waf (Go) Mar 1, 2023
aidilarf
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2021-44196 was published Mar 7, 2023
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2021-44197 was published Mar 7, 2023
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2023-1013 was published Mar 30, 2023
The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101,... Moderate Unreviewed
CVE-2023-29110 was published Apr 11, 2023
The SAP Application Interface (Message Monitoring) - versions 600, 700, allows an authorized... Moderate Unreviewed
CVE-2023-29112 was published Apr 11, 2023
govuk_tech_docs vulnerable to unescaped HTML on search results page Low
CVE-2024-22048 was published for govuk_tech_docs (RubyGems) Apr 11, 2023
ChrisBAshton
An improper neutralization of script-related HTML tags in a web page vulnerability [CWE-80] in... Moderate Unreviewed
CVE-2022-35850 was published Apr 11, 2023
org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Basic Cross-site Scripting High
CVE-2023-29508 was published for org.xwiki.platform:xwiki-platform-livedata-macro (Maven) Apr 12, 2023
Reflective Cross-Site-Scripting in Webconf in Tribe29 Checkmk Appliance before 1.6.4. Moderate Unreviewed
CVE-2023-22309 was published Apr 20, 2023
CraftCMS stored XSS in Quick Post widget error message Low
CVE-2023-33194 was published for craftcms/cms (Composer) May 26, 2023
WhiteBearVN
Craft CMS stored XSS in review volume Moderate
CVE-2023-33196 was published for craftcms/cms (Composer) May 26, 2023
WhiteBearVN
Craft CMS stored XSS in indexedVolumes Moderate
CVE-2023-33197 was published for craftcms/cms (Composer) May 26, 2023
WhiteBearVN
go package pydio cells vulnerable to cross-site scripting Moderate
CVE-2023-2981 was published for github.com/pydio/cells (Go) May 30, 2023
A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been... Low Unreviewed
CVE-2023-3017 was published May 31, 2023
The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and... Moderate Unreviewed
CVE-2019-25144 was published Jun 7, 2023
LeafKit allows XSS with untrusted user input Moderate
CVE-2021-37634 was published for github.com/vapor/leaf-kit (Swift) Jun 9, 2023
alextrob
XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters Critical
CVE-2023-35153 was published for org.xwiki.platform:xwiki-platform-appwithinminutes-ui (Maven) Jun 20, 2023
renniepak
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database