GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
21 advisories
Filter by severity
Sentry vulnerable to stored Cross-Site Scripting (XSS)
High
CVE-2024-41656
was published
for
sentry
(pip)
Jul 23, 2024
ghtml Cross-Site Scripting (XSS) vulnerability
High
CVE-2024-37166
was published
for
ghtml
(npm)
Jun 10, 2024
Dolibarr Application Home Page has HTML injection vulnerability
High
CVE-2024-23817
was published
for
dolibarr/dolibarr
(Composer)
Apr 18, 2024
Mautic vulnerable to stored cross-site scripting in description field
High
CVE-2021-27915
was published
for
mautic/core
(Composer)
Apr 11, 2024
Withdrawn Advisory: Kirby CMS HTML injection vulnerability
High
CVE-2024-26482
was published
for
getkirby/cms
(Composer)
Feb 22, 2024
•
withdrawn
XSS sidekiq-unique-jobs UI server vulnerability
High
CVE-2024-25122
was published
for
sidekiq-unique-jobs
(RubyGems)
Feb 13, 2024
Rancher API Server Cross-site Scripting Vulnerability
High
CVE-2023-32192
was published
for
github.com/rancher/apiserver
(Go)
Feb 8, 2024
Norman API Cross-site Scripting Vulnerability
High
CVE-2023-32193
was published
for
github.com/rancher/norman
(Go)
Feb 8, 2024
Statmic CMS vulnerable to account takeover via XSS and password reset link
High
CVE-2024-24570
was published
for
statamic/cms
(Composer)
Feb 1, 2024
@apollo/experimental-nextjs-app-support Cross-site Scripting vulnerability
High
CVE-2024-23841
was published
for
@apollo/experimental-nextjs-app-support
(npm)
Jan 30, 2024
XWiki Platform vulnerable to reflected cross-site scripting via delattachment action
High
CVE-2023-35157
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Jun 22, 2023
org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Basic Cross-site Scripting
High
CVE-2023-29508
was published
for
org.xwiki.platform:xwiki-platform-livedata-macro
(Maven)
Apr 12, 2023
XBlock vulnerable to Cross-Site Scripting (XSS)
High
CVE-2022-46147
was published
for
xblock-drag-and-drop-v2
(pip)
Dec 2, 2022
XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list
High
CVE-2022-36096
was published
for
org.xwiki.platform:xwiki-platform-index-ui
(Maven)
Sep 16, 2022
XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form
High
CVE-2022-36097
was published
for
org.xwiki.platform:xwiki-platform-attachment-ui
(Maven)
Sep 16, 2022
XWiki Platform Web Parent POM vulnerable to XSS in the attachment history
High
CVE-2022-36094
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Sep 16, 2022
Cross Site Scripting vulnerability in django-jsonform's admin form.
High
GHSA-x9jp-4w8m-4f3c
was published
for
django-jsonform
(pip)
Jun 10, 2022
Cross-site Scripting in the Flamingo theme manager
High
CVE-2022-29251
was published
for
org.xwiki.platform:xwiki-platform-flamingo-theme-ui
(Maven)
May 25, 2022
Special Element Injection in notebook
High
CVE-2021-32798
was published
for
notebook
(pip)
Aug 23, 2021
Cross-site scripting (XSS) from field and configuration text displayed in the Panel
High
CVE-2021-32735
was published
for
getkirby/cms
(Composer)
Jul 2, 2021
XSS/Script injection vulnerability in matestack
High
CVE-2020-5241
was published
for
matestack-ui-core
(RubyGems)
Feb 12, 2020
ProTip!
Advisories are also available from the
GraphQL API