GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

468 advisories

Joplin Cross-site Scripting vulnerability Moderate
CVE-2023-37299 was published for joplin (npm) Jun 30, 2023
Joplin Cross-site Scripting vulnerability Moderate
CVE-2023-37298 was published for joplin (npm) Jun 30, 2023
Duplicate Advisory: jQuery Cross Site Scripting vulnerability Moderate
CVE-2020-23064 was published for jQuery (RubyGems) Jun 26, 2023 withdrawn
Credited to eoftedal
Potential for cross-site scripting in PostHog-js Moderate
CVE-2023-32325 was published for posthog-js (npm) May 22, 2023
Cross-site scripting in TotalJS Moderate
CVE-2023-30094 was published for total4 (npm) May 4, 2023
editor.md vulnerable to Cross-site Scripting Moderate
CVE-2023-29641 was published for editor.md (npm) May 1, 2023
Nunjucks autoescape bypass leads to cross site scripting Moderate
CVE-2023-2142 was published for nunjucks (npm) Apr 20, 2023
Credited to zerohorsepower
Pandao Editor.md vulnerable to cross-site scripting (XSS) in iframe src parameter Moderate
CVE-2020-19697 was published for editor.md (npm) Apr 4, 2023
Pandao Editor.md vulnerable to cross-site scripting (XSS) in editor parameter Moderate
CVE-2020-19698 was published for editor.md (npm) Apr 4, 2023
Vega Expression Language `scale` expression function Cross Site Scripting Moderate
CVE-2023-26486 was published for vega (npm) Mar 2, 2023
Credited to ajxchapman and hydrosquall
Vega has Cross-site Scripting vulnerability in `lassoAppend` function Moderate
CVE-2023-26487 was published for vega (npm) Mar 2, 2023
Credited to azasypkin and jkakavas
rsshub vulnerable to Cross-site Scripting via unvalidated URL parameters Moderate
CVE-2023-26491 was published for rsshub (npm) Mar 1, 2023
Credited to Ry0taK
@braintree/sanitize-url Cross-site Scripting vulnerability Moderate
CVE-2022-48345 was published for @braintree/sanitize-url (npm) Feb 24, 2023
Baremetrics date range picker vulnerable to Cross-site Scripting Moderate
CVE-2021-32859 was published for baremetrics-calendar (npm) Feb 21, 2023
iziModal Cross-site Scripting vulnerability Moderate
CVE-2021-32860 was published for izimodal (npm) Feb 21, 2023
Vditor Cross-site Scripting vulnerability Moderate
CVE-2021-32855 was published for vditor (npm) Feb 21, 2023
textAngular Cross-site Scripting vulnerability Moderate
CVE-2021-32854 was published for textangular (npm) Feb 21, 2023
@claviska/jquery-minicolors vulnerable to Cross-site Scripting Moderate
CVE-2021-32850 was published for @claviska/jquery-minicolors (npm) Feb 21, 2023
Erxes vulnerable to Cross-site Scripting Moderate
CVE-2021-32853 was published for erxes (npm) Feb 21, 2023
Mind-elixir Cross-site Scripting vulnerability Moderate
CVE-2021-32851 was published for mind-elixir (npm) Feb 21, 2023
generator-hottowel Cross-site Scripting vulnerability Moderate
CVE-2016-15025 was published for generator-hottowel (npm) Feb 20, 2023
Cross-site Scripting in jspreadsheet Moderate
CVE-2022-48115 was published for jspreadsheet-ce (npm) Feb 18, 2023
Cross site scripting Vulnerability in backstage Software Catalog Moderate
CVE-2023-25571 was published for @backstage/catalog-model (npm) Feb 14, 2023
Cross-Site-Scripting attack on `<RichTextField>` Moderate
CVE-2023-25572 was published for ra-ui-materialui (npm) Feb 14, 2023
Credited to daugsbi
Cross-site scripting in CKEditor5 Moderate
CVE-2022-48110 was published for ckeditor5 (npm) Feb 13, 2023 withdrawn
ProTip! Advisories are also available from the GraphQL API