GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,889 advisories
Mattermost Cross-site Scripting vulnerability
Low • CVE-2023-7113 was published for github.com/mattermost/mattermost/server/v8 (Go) • Dec 29, 2023

Winter CMS Stored XSS through Backend ColorPicker FormWidget
Low • CVE-2023-52084 was published for winter/wn-backend-module (Composer) • Dec 28, 2023

Winter CMS Stored XSS through privileged upload of Media Manager file followed by renaming
Low • CVE-2023-52083 was published for winter/wn-system-module (Composer) • Dec 28, 2023

OpenCRX Cross-site Scripting vulnerability
Moderate • CVE-2023-27150 was published for org.opencrx:opencrx-core (Maven) • Dec 26, 2023

WSO2 Registry Stored Cross Site Scripting (XSS) vulnerability
Moderate • CVE-2023-6911 was published for org.wso2.carbon.registry:carbon-registry (Maven) • Dec 22, 2023

Withdrawn Advisory: Unrestricted File Upload affecting automad
Moderate • CVE-2023-7036 was published for automad/automad (Composer) • Dec 21, 2023 • withdrawn

Withdrawn Advisory: Stored Cross-site scripting affecting automad/automad
Low • CVE-2023-7035 was published for automad/automad (Composer) • Dec 21, 2023 • withdrawn

Apache Airflow has a stored cross-site scripting vulnerability
Moderate • CVE-2023-47265 was published for apache-airflow (pip) • Dec 21, 2023

Resque vulnerable to Reflected Cross Site Scripting through pathnames
Moderate • CVE-2023-50724 was published for resque (RubyGems) • Dec 18, 2023

Resque vulnerable to reflected XSS in resque-web failed and queues lists
Moderate • CVE-2023-50725 was published for resque (RubyGems) • Dec 18, 2023

Resque vulnerable to reflected XSS in Queue Endpoint
Moderate • CVE-2023-50727 was published for resque (RubyGems) • Dec 18, 2023

Maloja error page XSS vulnerability
Moderate • GHSA-4h72-34j6-j8x7 was published for malojaserver (pip) • Dec 18, 2023

Resque Scheduler Reflected XSS In Delayed Jobs View
Moderate • CVE-2022-44303 was published for resque-scheduler (RubyGems) • Dec 18, 2023

Xnx3 Wangmarket Cross-Site Scripting vulnerability
Moderate • CVE-2023-6886 was published for com.xnx3.wangmarket:wangmarket (Maven) • Dec 17, 2023

phpMyFAQ Cross-site Scripting vulnerability
Moderate • CVE-2023-6889 was published for thorsten/phpmyfaq (Composer) • Dec 16, 2023

phpMyFAQ Cross-site Scripting vulnerability
Moderate • CVE-2023-6890 was published for thorsten/phpmyfaq (Composer) • Dec 16, 2023

Cross-site Scripting in @spscommerce/ds-react
Critical • GHSA-cfxh-frx4-9gjg was published for @spscommerce/ds-react (npm) • Dec 15, 2023

Cross-site Scripting in JFinalcms
Moderate • CVE-2023-50102 was published for com.jfinal:jfinal (Maven) • Dec 14, 2023

Cross-site Scripting in JFinalcms
Moderate • CVE-2023-50137 was published for com.jfinal:jfinal (Maven) • Dec 14, 2023

Cross-site Scripting in JFinalcms
Moderate • CVE-2023-50101 was published for com.jfinal:jfinal (Maven) • Dec 14, 2023

Cross-site Scripting in JFinalcms
Moderate • CVE-2023-50100 was published for com.jfinal:jfinal (Maven) • Dec 14, 2023

Withdrawn Advisory: Prometheus XSS Vulnerability
Moderate • CVE-2019-3826 was published for github.com/prometheus/prometheus (Go) • Dec 13, 2023 • withdrawn

Cross Site Request Forgery in Silverpeas
High • CVE-2023-47322 was published for org.silverpeas.core:silverpeas-core-web (Maven) • Dec 13, 2023

Cross-site Scripting in silverpeas
Moderate • CVE-2023-47324 was published for org.silverpeas.core:silverpeas-core-api (Maven) • Dec 13, 2023

Stored XSS via SVG File Upload
Low • CVE-2023-49279 was published for Umbraco.CMS (NuGet) • Dec 13, 2023

ProTip! Advisories are also available from the GraphQL API