GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

468 advisories

Jellyfin Web Cross-Site Scripting (XSS) via Playlist Name Moderate
CVE-2023-23636 was published for jellyfin-web (npm) Feb 3, 2023
Jellyfin Web Cross-Site Scripting (XSS) via Collection Name Moderate
CVE-2023-23635 was published for jellyfin-web (npm) Feb 3, 2023
Joplin Desktop App vulnerable to Cross-site Scripting Moderate
CVE-2022-45598 was published for joplin (npm) Jan 31, 2023
jSuites subject to Cross-site Scripting Moderate
CVE-2022-25979 was published for jsuites (npm) Jan 31, 2023
Cross-site Scripting in yapi-vendor Moderate
CVE-2021-36686 was published for yapi-vendor (npm) Jan 26, 2023
Cross-site Scripting (XSS) in serve-lite Moderate
CVE-2022-25847 was published for serve-lite (npm) Jan 26, 2023
Credited to lirantal
@builder.io/qwik vulnerable to Cross-site Scripting Moderate
CVE-2023-0410 was published for @builder.io/qwik (npm) Jan 20, 2023
phoenix_html allows Cross-site Scripting in HEEx class attributes Moderate
CVE-2021-46871 was published for phoenix_html (Erlang) Jan 10, 2023
Json2html vulnerable to cross-site scripting Moderate
CVE-2018-25053 was published for node-json2html (npm) Dec 28, 2022
Smoothie vulnerable to Cross-site Scripting when tooltipLabel or strokeStyle are controlled by users Moderate
CVE-2022-25929 was published for smoothie (npm) Dec 21, 2022
Credited to WofWca
Duplicate advisory: @claviska/jquery-minicolors vulnerable to Cross-site Scripting Moderate
CVE-2021-4243 was published for @claviska/jquery-minicolors (npm) Dec 12, 2022 withdrawn
Cross-site scripting vulnerability in TinyMCE alerts Moderate
CVE-2022-23494 was published for TinyMCE (Composer) Dec 8, 2022
Credited to P4rkJW
Read the Docs vulnerable to Cross-Site Scripting (XSS) Moderate
GHSA-98pf-gfh3-x3mp was published for readthedocs (npm) Nov 10, 2022
Credited to stsewd
node-red-dashboard vulnerable to Cross-site Scripting Moderate
CVE-2022-3783 was published for node-red-dashboard (npm) Nov 1, 2022
@dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details Moderate
CVE-2022-39350 was published for @dependencytrack/frontend (npm) Oct 25, 2022
Credited to Waterstraal
mxGraph vulnerable to cross-site scripting in setTooltips function Moderate
CVE-2022-40440 was published for mxgraph (npm) Oct 12, 2022
Cross site scripting in Metro UI Moderate
CVE-2022-41376 was published for metro4 (npm) Oct 11, 2022
Jodit Editor vulnerable to Cross-site Scripting Moderate
CVE-2022-23461 was published for jodit (npm) Sep 25, 2022
Credited to cw-alexcroteau
Toast UI Grid vulnerable to Cross-site Scripting Moderate
CVE-2022-23458 was published for tui-grid (npm) Sep 23, 2022
@netlify/ipx vulnerable to Full Response SSRF and Stored XSS via Cache Poisoning and Improper Host Validation Moderate
CVE-2022-39239 was published for @netlify/ipx (npm) Sep 21, 2022
Vuetify Cross-site Scripting vulnerability Moderate
CVE-2022-25873 was published for org.webjars.npm:vuetify (Maven) Sep 19, 2022
Markdown-Nice v1.8.22 vulnerable to Cross-site Scripting Moderate
CVE-2022-38639 was published for markdown-nice (npm) Sep 10, 2022
x-data-spreadsheet through 1.1.9 vulnerable to Cross-site Scripting Moderate
CVE-2022-25646 was published for x-data-spreadsheet (npm) Aug 31, 2022
Cross site scripting in mobiledoc-kit Moderate
CVE-2022-2932 was published for mobiledoc-kit (npm) Aug 23, 2022
apollo-server-core vulnerable to URL-based XSS attack affecting IE11 on default landing page Moderate
GHSA-2fvv-qxrq-7jq6 was published for apollo-server-core (npm) Aug 18, 2022
Credited to adenkiewicz