Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

139 advisories

Loading
Cross-site Scripting in Documize Moderate
CVE-2019-19619 was published for github.com/documize/community (Go) May 18, 2021
Rancher Vulnerable to Cross-site Request Forgery (CSRF) High
CVE-2019-13209 was published for github.com/rancher/rancher (Go) May 18, 2021
Cross-site scripting in bluemonday Moderate
CVE-2021-29272 was published for github.com/microcosm-cc/bluemonday (Go) May 18, 2021
Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd/v2 Moderate
CVE-2021-23347 was published for github.com/argoproj/argo-cd/v2 (Go) May 21, 2021
Cross-site Scripting in Gogs Moderate
CVE-2014-8683 was published for gogs.io/gogs (Go) Jun 29, 2021
Cross-site scripting in Dutchcoders transfer.sh Moderate
CVE-2021-33496 was published for github.com/dutchcoders/transfer.sh (Go) Jun 29, 2021
Cross-site Scripting in Beego Moderate
CVE-2021-39391 was published for github.com/beego/beego/v2 (Go) Sep 15, 2021
Cross-site Scripting in Mattermost Moderate
CVE-2021-37860 was published for github.com/mattermost/mattermost-server/v5 (Go) Sep 23, 2021
andrewpollock
Cross-site Scripting in Gitea Moderate
CVE-2021-28378 was published for code.gitea.io/gitea (Go) Sep 27, 2021
Cross-site Scripting in github.com/schollz/rwtxt Moderate
CVE-2021-20848 was published for github.com/schollz/rwtxt (Go) Nov 29, 2021
tdunlap607
Unsafe inline XSS in pasting DOM element into chat High
CVE-2021-39183 was published for github.com/owncast/owncast (Go) Dec 14, 2021
intrigus-lgtm
Subdomain Takeover in Interactsh server Moderate
CVE-2023-36474 was published for github.com/projectdiscovery/interactsh (Go) Jan 27, 2022
Cross-site Scripting in Gitea Moderate
CVE-2021-45329 was published for github.com/go-gitea/gitea (Go) Feb 10, 2022
Cross-site Scripting in Alist Moderate
CVE-2022-26533 was published for github.com/Xhofe/alist (Go) Mar 13, 2022
Woodpecker allows cross-site scripting (XSS) via build logs Moderate
CVE-2022-29947 was published for github.com/woodpecker-ci/woodpecker (Go) Apr 30, 2022
Grafana XSS Vulnerability Moderate
CVE-2018-1000816 was published for github.com/grafana/grafana (Go) May 14, 2022
Gogs XSS Vulnerability Moderate
CVE-2018-17031 was published for gogs.io/gogs (Go) May 14, 2022
Grafana Cross-site Scripting vulnerability Moderate
CVE-2019-13068 was published for github.com/grafana/grafana (Go) May 24, 2022
Gitea XSS Vulnerability in Repository Description Moderate
CVE-2019-1010314 was published for code.gitea.io/gitea (Go) May 24, 2022
Gitea XSS Vulnerability Moderate
CVE-2019-1010261 was published for code.gitea.io/gitea (Go) May 24, 2022
Gophish XSS Vulnerability Moderate
CVE-2019-16146 was published for github.com/gophish/gophish (Go) May 24, 2022
Grafana XSS in header column rename Moderate
CVE-2020-12245 was published for github.com/grafana/grafana (Go) May 24, 2022
Grafana XSS via the OpenTSDB datasource Moderate
CVE-2020-13430 was published for github.com/grafana/grafana (Go) May 24, 2022
Grafana XSS via a column style Moderate
CVE-2018-18624 was published for github.com/grafana/grafana (Go) May 24, 2022
Grafana stored XSS Moderate
CVE-2020-11110 was published for github.com/grafana/grafana (Go) May 24, 2022
ProTip! Advisories are also available from the GraphQL API