Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

280 advisories

Loading
Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scripting. A malicious... Critical Unreviewed
CVE-2023-0829 was published Sep 20, 2023
Cross Site Scripting vulnerability in Dolibarr ERP CRM Critical
CVE-2023-38888 was published for dolibarr/dolibarr (Composer) Sep 20, 2023
A cross-site scripting (XSS) vulnerability in FileBrowser before v2.23.0 allows an authenticated... Critical Unreviewed
CVE-2023-39612 was published Sep 16, 2023
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow... Critical Unreviewed
CVE-2023-26270 was published Aug 28, 2023
DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows,... Critical Unreviewed
CVE-2023-2318 was published Aug 19, 2023
DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted... Critical Unreviewed
CVE-2023-2317 was published Aug 19, 2023
external-svg-loader Cross-site Scripting vulnerability Critical
CVE-2023-40013 was published for external-svg-loader (npm) Aug 14, 2023
r00tdaemon
Cross-site scripting (XSS) for the Intel(R) DSA software before version 23.1.9 may allow... Critical Unreviewed
CVE-2023-27515 was published Aug 11, 2023
Cross-site Scripting (XSS) in some Intel(R) Manageability Commander software before version 2.3... Critical Unreviewed
CVE-2022-29887 was published Aug 11, 2023
/ui/cron/item/open in the Cron component of OPNsense before 23.7 allows XSS. Critical Unreviewed
CVE-2023-39007 was published Aug 9, 2023
In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD... Critical Unreviewed
CVE-2023-3526 was published Aug 8, 2023
Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute... Critical Unreviewed
CVE-2023-36217 was published Aug 3, 2023
Cross-site Scripting (XSS) - Reflected in GitHub repository jgraph/drawio prior to 21.6.3. Critical Unreviewed
CVE-2023-3973 was published Jul 27, 2023
CleverTap Cordova plugin vulnerable to Cross-site Scripting Critical
CVE-2023-2507 was published for clevertap-cordova (npm) Jul 15, 2023
Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2... Critical Unreviewed
CVE-2022-46733 was published Jul 6, 2023
SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting ... Critical Unreviewed
CVE-2022-40190 was published Jul 6, 2023
Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/chatWindow.java... Critical Unreviewed
CVE-2023-30320 was published Jul 6, 2023
Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/LoginServlet.java... Critical Unreviewed
CVE-2023-30319 was published Jul 6, 2023
Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker... Critical Unreviewed
CVE-2023-34192 was published Jul 6, 2023
Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/LoginServlet... Critical Unreviewed
CVE-2023-30321 was published Jul 6, 2023
org.xwiki.commons:xwiki-commons-xml's HTML sanitizer allows form elements in restricted Critical
CVE-2023-36471 was published for org.xwiki.commons:xwiki-commons-xml (Maven) Jun 30, 2023
XWiki Platform vulnerable to persistent Cross-site Scripting through CKEditor Configuration pages Critical
CVE-2023-36477 was published for org.xwiki.contrib:application-ckeditor-ui (Maven) Jun 30, 2023
Keycloak vulnerable to cross-site scripting when validating URI-schemes on SAML and OIDC Critical
CVE-2022-4361 was published for org.keycloak:keycloak-services (Maven) Jun 30, 2023
magicOz
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in DeleteApplication page Critical
CVE-2023-35161 was published for org.xwiki.platform:xwiki-platform-appwithinminutes-ui (Maven) Jun 22, 2023
XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template Critical
CVE-2023-35160 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Jun 22, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database