GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
139 advisories
Filter by severity
Cross-site Scripting in Documize
Moderate
CVE-2019-19619
was published
for
github.com/documize/community
(Go)
May 18, 2021
Rancher Vulnerable to Cross-site Request Forgery (CSRF)
High
CVE-2019-13209
was published
for
github.com/rancher/rancher
(Go)
May 18, 2021
Cross-site scripting in bluemonday
Moderate
CVE-2021-29272
was published
for
github.com/microcosm-cc/bluemonday
(Go)
May 18, 2021
Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd/v2
Moderate
CVE-2021-23347
was published
for
github.com/argoproj/argo-cd/v2
(Go)
May 21, 2021
Cross-site Scripting in Gogs
Moderate
CVE-2014-8683
was published
for
gogs.io/gogs
(Go)
Jun 29, 2021
Cross-site scripting in Dutchcoders transfer.sh
Moderate
CVE-2021-33496
was published
for
github.com/dutchcoders/transfer.sh
(Go)
Jun 29, 2021
Cross-site Scripting in Beego
Moderate
CVE-2021-39391
was published
for
github.com/beego/beego/v2
(Go)
Sep 15, 2021
Cross-site Scripting in Mattermost
Moderate
CVE-2021-37860
was published
for
github.com/mattermost/mattermost-server/v5
(Go)
Sep 23, 2021
Cross-site Scripting in Gitea
Moderate
CVE-2021-28378
was published
for
code.gitea.io/gitea
(Go)
Sep 27, 2021
Cross-site Scripting in github.com/schollz/rwtxt
Moderate
CVE-2021-20848
was published
for
github.com/schollz/rwtxt
(Go)
Nov 29, 2021
Unsafe inline XSS in pasting DOM element into chat
High
CVE-2021-39183
was published
for
github.com/owncast/owncast
(Go)
Dec 14, 2021
Subdomain Takeover in Interactsh server
Moderate
CVE-2023-36474
was published
for
github.com/projectdiscovery/interactsh
(Go)
Jan 27, 2022
Cross-site Scripting in Gitea
Moderate
CVE-2021-45329
was published
for
github.com/go-gitea/gitea
(Go)
Feb 10, 2022
Cross-site Scripting in Alist
Moderate
CVE-2022-26533
was published
for
github.com/Xhofe/alist
(Go)
Mar 13, 2022
Woodpecker allows cross-site scripting (XSS) via build logs
Moderate
CVE-2022-29947
was published
for
github.com/woodpecker-ci/woodpecker
(Go)
Apr 30, 2022
Grafana XSS Vulnerability
Moderate
CVE-2018-1000816
was published
for
github.com/grafana/grafana
(Go)
May 14, 2022
Grafana Cross-site Scripting vulnerability
Moderate
CVE-2019-13068
was published
for
github.com/grafana/grafana
(Go)
May 24, 2022
Gitea XSS Vulnerability in Repository Description
Moderate
CVE-2019-1010314
was published
for
code.gitea.io/gitea
(Go)
May 24, 2022
Gitea XSS Vulnerability
Moderate
CVE-2019-1010261
was published
for
code.gitea.io/gitea
(Go)
May 24, 2022
Gophish XSS Vulnerability
Moderate
CVE-2019-16146
was published
for
github.com/gophish/gophish
(Go)
May 24, 2022
Grafana XSS in header column rename
Moderate
CVE-2020-12245
was published
for
github.com/grafana/grafana
(Go)
May 24, 2022
Grafana XSS via the OpenTSDB datasource
Moderate
CVE-2020-13430
was published
for
github.com/grafana/grafana
(Go)
May 24, 2022
Grafana XSS via a column style
Moderate
CVE-2018-18624
was published
for
github.com/grafana/grafana
(Go)
May 24, 2022
Grafana stored XSS
Moderate
CVE-2020-11110
was published
for
github.com/grafana/grafana
(Go)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API