GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,890 advisories
Stored XSS via SVG File Upload
Low | CVE-2023-49279 was published for Umbraco.CMS (NuGet) Dec 13, 2023

DOM-XSS on Backoffice login screen.
Moderate | CVE-2023-48313 was published for Umbraco.CMS (NuGet) Dec 13, 2023

Possible injection of HTML into user invite mails
Low | CVE-2023-38694 was published for Umbraco.CMS (NuGet) Dec 13, 2023

Alkacon OpenCMS XSS via Mercury template
Moderate | CVE-2023-6379 was published for org.opencms:opencms-core (Maven) Dec 13, 2023

Cross-site Scripting in Semantic MediaWiki
Moderate | CVE-2022-48614 was published for mediawiki/semantic-media-wiki (Composer) Dec 10, 2023

Cross-site Scripting in evershop
Moderate | CVE-2023-46495 was published for @evershop/evershop (npm) Dec 8, 2023

Cross Site Scripting in evershop
Moderate | CVE-2023-46494 was published for @evershop/evershop (npm) Dec 8, 2023

Cross-site Scripting in evershop
Moderate | CVE-2023-46499 was published for @evershop/evershop (npm) Dec 8, 2023

Cross-site Scripting in JFinalCMS
Moderate | CVE-2023-49485 was published for com.jfinal:jfinal (Maven) Dec 8, 2023

Cross-site Scripting in JFinalCMS
Moderate | CVE-2023-49486 was published for com.jfinal:jfinal (Maven) Dec 8, 2023

Cross-site Scripting in JFinalCMS
Moderate | CVE-2023-49487 was published for com.jfinal:jfinal (Maven) Dec 8, 2023

Magento LTS vulnerable to Stored XSS via TinyMCE WYSIWYG Editor
High | GHSA-9j5w-2cqc-cwj9 was published for openmage/magento-lts (Composer) Dec 8, 2023

Cross-site Scripting (XSS) in MLflow
Moderate | CVE-2023-6568 was published for mlflow (pip) Dec 7, 2023

Vite XSS vulnerability in `server.transformIndexHtml` via URL payload
Moderate | CVE-2023-49293 was published for vite (npm) Dec 5, 2023

Ajax Pro Cross-site Scripting
Moderate | CVE-2023-49289 was published for AjaxNetProfessional (NuGet) Dec 5, 2023

Reflected XSS Vulnerability in dpaste
Moderate | CVE-2023-49277 was published for Dpaste (pip) Dec 1, 2023

PHPMemcachedAdmin vulnerable to cross-site scripting (XSS) via improper encoding
Moderate | CVE-2023-6027 was published for elijaa/phpmemcacheadmin (Composer) Nov 30, 2023

October CMS stored XSS by authenticated backend user with improper configuration
Moderate | CVE-2023-44383 was published for october/system (Composer) Nov 29, 2023

CarrierWave Content-Type allowlist bypass vulnerability, possibly leading to XSS
Moderate | CVE-2023-49090 was published for carrierwave (RubyGems) Nov 29, 2023

Improper Neutralization of Input in Advanced User Interface for Jolt
High | CVE-2023-49145 was published for org.apache.nifi:nifi-jolt-transform-json-ui (Maven) Nov 28, 2023

Apache Superset Cross-site Scripting vulnerability
Moderate | CVE-2023-43701 was published for apache-superset (pip) Nov 27, 2023

Attribute Injection leading to XSS(Cross-Site-Scripting)
Moderate | CVE-2023-49276 was published for uptime-kuma (npm) Nov 24, 2023

Cross-site Scripting in DOMSanitizer
Moderate | CVE-2023-49146 was published for rhukster/dom-sanitizer (Composer) Nov 23, 2023

Cross-site Scripting potential in custom links, job buttons, and computed fields
High | CVE-2023-48705 was published for nautobot (pip) Nov 22, 2023

Cross-site Scripting via uploaded assets
High | CVE-2023-48701 was published for statamic/cms (Composer) Nov 22, 2023
ProTip! Advisories are also available from the GraphQL API.