Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,680
Maven
5,000+
npm
4,308
NuGet
760
pip
4,081
Pub
12
RubyGems
958
Rust
1,061
Swift
45
Unreviewed advisories
All unreviewed
5,000+

247 advisories

Loading
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2021-44197 was published Mar 7, 2023
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2023-1013 was published Mar 30, 2023
The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101,... Moderate Unreviewed
CVE-2023-29110 was published Apr 11, 2023
The SAP Application Interface (Message Monitoring) - versions 600, 700, allows an authorized... Moderate Unreviewed
CVE-2023-29112 was published Apr 11, 2023
An improper neutralization of script-related HTML tags in a web page vulnerability [CWE-80] in... Moderate Unreviewed
CVE-2022-35850 was published Apr 11, 2023
Reflective Cross-Site-Scripting in Webconf in Tribe29 Checkmk Appliance before 1.6.4. Moderate Unreviewed
CVE-2023-22309 was published Apr 20, 2023
Craft CMS stored XSS in review volume Moderate
CVE-2023-33196 was published for craftcms/cms (Composer) May 26, 2023
WhiteBearVN
Credited to WhiteBearVN
Craft CMS stored XSS in indexedVolumes Moderate
CVE-2023-33197 was published for craftcms/cms (Composer) May 26, 2023
WhiteBearVN
Credited to WhiteBearVN
go package pydio cells vulnerable to cross-site scripting Moderate
CVE-2023-2981 was published for github.com/pydio/cells (Go) May 30, 2023
The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and... Moderate Unreviewed
CVE-2019-25144 was published Jun 7, 2023
LeafKit allows XSS with untrusted user input Moderate
CVE-2021-37634 was published for github.com/vapor/leaf-kit (Swift) Jun 9, 2023
alextrob
Credited to alextrob
Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device... Moderate Unreviewed
CVE-2023-24496 was published Jul 6, 2023
Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device... Moderate Unreviewed
CVE-2023-24497 was published Jul 6, 2023
There is a reflected HTML injection vulnerability in Esri Portal for ArcGIS versions 10.9.1 and... Moderate Unreviewed
CVE-2022-38210 was published Jul 6, 2023
The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter... Moderate Unreviewed
CVE-2023-1384 was published Jul 6, 2023
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that... Moderate Unreviewed
CVE-2023-25833 was published Jul 6, 2023
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama... Moderate Unreviewed
CVE-2023-0007 was published Jul 6, 2023
matrix-react-sdk vulnerable to XSS in Export Chat feature Moderate
CVE-2023-37259 was published for matrix-react-sdk (npm) Jul 18, 2023
Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30. Moderate Unreviewed
CVE-2023-23548 was published Aug 1, 2023
A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP... Moderate Unreviewed
CVE-2023-20181 was published Aug 4, 2023
A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone... Moderate Unreviewed
CVE-2023-20218 was published Aug 4, 2023
Critters Cross-site Scripting Vulnerability Moderate
CVE-2023-3481 was published for critters (npm) Aug 11, 2023
The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled... Moderate Unreviewed
CVE-2022-4953 was published Aug 14, 2023
A vulnerability in the web-based management interface of Cisco Integrated Management Controller ... Moderate Unreviewed
CVE-2023-20228 was published Aug 16, 2023
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco... Moderate Unreviewed
CVE-2023-20222 was published Aug 17, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database