GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
280 advisories
Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scripting. A malicious...
Critical | Unreviewed | CVE-2023-0829 was published Sep 20, 2023

Cross Site Scripting vulnerability in Dolibarr ERP CRM
Critical | CVE-2023-38888 was published for dolibarr/dolibarr (Composer) Sep 20, 2023

A cross-site scripting (XSS) vulnerability in FileBrowser before v2.23.0 allows an authenticated...
Critical | Unreviewed | CVE-2023-39612 was published Sep 16, 2023

IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow...
Critical | Unreviewed | CVE-2023-26270 was published Aug 28, 2023

DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows,...
Critical | Unreviewed | CVE-2023-2318 was published Aug 19, 2023

DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted...
Critical | Unreviewed | CVE-2023-2317 was published Aug 19, 2023

external-svg-loader Cross-site Scripting vulnerability
Critical | CVE-2023-40013 was published for external-svg-loader (npm) Aug 14, 2023

Cross-site scripting (XSS) for the Intel(R) DSA software before version 23.1.9 may allow...
Critical | Unreviewed | CVE-2023-27515 was published Aug 11, 2023

Cross-site Scripting (XSS) in some Intel(R) Manageability Commander software before version 2.3...
Critical | Unreviewed | CVE-2022-29887 was published Aug 11, 2023

/ui/cron/item/open in the Cron component of OPNsense before 23.7 allows XSS.
Critical | Unreviewed | CVE-2023-39007 was published Aug 9, 2023

In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD...
Critical | Unreviewed | CVE-2023-3526 was published Aug 8, 2023

Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute...
Critical | Unreviewed | CVE-2023-36217 was published Aug 3, 2023

Cross-site Scripting (XSS) - Reflected in GitHub repository jgraph/drawio prior to 21.6.3.
Critical | Unreviewed | CVE-2023-3973 was published Jul 27, 2023

CleverTap Cordova plugin vulnerable to Cross-site Scripting
Critical | CVE-2023-2507 was published for clevertap-cordova (npm) Jul 15, 2023

Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2...
Critical | Unreviewed | CVE-2022-46733 was published Jul 6, 2023

SAUTER Controls moduWeb firmware version 2.7.1 is vulnerable to reflective cross-site scripting ...
Critical | Unreviewed | CVE-2022-40190 was published Jul 6, 2023

Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/chatWindow.java...
Critical | Unreviewed | CVE-2023-30320 was published Jul 6, 2023

Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/LoginServlet.java...
Critical | Unreviewed | CVE-2023-30319 was published Jul 6, 2023

Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker...
Critical | Unreviewed | CVE-2023-34192 was published Jul 6, 2023

Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/LoginServlet...
Critical | Unreviewed | CVE-2023-30321 was published Jul 6, 2023

org.xwiki.commons:xwiki-commons-xml's HTML sanitizer allows form elements in restricted
Critical | CVE-2023-36471 was published for org.xwiki.commons:xwiki-commons-xml (Maven) Jun 30, 2023

XWiki Platform vulnerable to persistent Cross-site Scripting through CKEditor Configuration pages
Critical | CVE-2023-36477 was published for org.xwiki.contrib:application-ckeditor-ui (Maven) Jun 30, 2023

Keycloak vulnerable to cross-site scripting when validating URI-schemes on SAML and OIDC
Critical | CVE-2022-4361 was published for org.keycloak:keycloak-services (Maven) Jun 30, 2023

XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in DeleteApplication page
Critical | CVE-2023-35161 was published for org.xwiki.platform:xwiki-platform-appwithinminutes-ui (Maven) Jun 22, 2023

XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template
Critical | CVE-2023-35160 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Jun 22, 2023

ProTip! Advisories are also available from the GraphQL API.