GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,890 advisories

NASA Open MCT Cross Site Scripting vulnerability Moderate
CVE-2023-45885 was published for openmct (npm) Nov 9, 2023
MarkLee131
Microweber Cross-site Scripting vulnerability Moderate
CVE-2023-47379 was published for microweber/microweber (Composer) Nov 8, 2023
Ethyca Fides HTML Injection Vulnerability in HTML-Formatted DSR Packages Moderate
CVE-2023-47114 was published for ethyca-fides (pip) Nov 8, 2023
RobertKeyser h0wl
XWiki Platform vulnerable to reflected cross-site scripting through revision parameter in content menu Critical
CVE-2023-46732 was published for org.xwiki.platform:xwiki-platform-flamingo-skin-resources (Maven) Nov 8, 2023
Reportico Cross-site Scripting vulnerability Moderate
CVE-2023-46925 was published for reportico-web/reportico (Composer) Nov 2, 2023
phpBB's Smiley Pack acp_icons.php main pack vulnerable to cross site scripting Moderate
CVE-2023-5917 was published for phpbb/phpbb (Composer) Nov 2, 2023
Rudloff
Pimcore Admin Classic Bundle Cross-site Scripting (XSS) in PDF previews Moderate
CVE-2023-46722 was published for pimcore/admin-ui-classic-bundle (Composer) Nov 1, 2023
tht1997
Pimcore Cross-site Scripting vulnerability Moderate
CVE-2023-5873 was published for pimcore/pimcore (Composer) Oct 31, 2023
Cross-site Scripting (XSS) in thorsten/phpmyfaq Moderate
CVE-2023-5867 was published for thorsten/phpmyfaq (Composer) Oct 31, 2023
phpMyFAQ Cross-site Scripting vulnerability High
CVE-2023-5864 was published for thorsten/phpmyfaq (Composer) Oct 31, 2023
phpMyFAQ Cross-site Scripting vulnerability Moderate
CVE-2023-5863 was published for thorsten/phpmyfaq (Composer) Oct 31, 2023
Cross-site Scripting (XSS) in microweber/microweber Moderate
CVE-2023-5861 was published for microweber/microweber (Composer) Oct 31, 2023
Cross-site Scripting (XSS) in dolibarr/dolibarr Moderate
CVE-2023-5842 was published for dolibarr/dolibarr (Composer) Oct 30, 2023
baserCMS Cross-site Scripting vulnerability in File upload Feature Moderate
CVE-2023-43647 was published for baserproject/basercms (Composer) Oct 26, 2023
baserCMS Cross-site Scripting Vulnerability in Favorites Feature Moderate
CVE-2023-29009 was published for baserproject/basercms (Composer) Oct 26, 2023
XWiki Platform vulnerable to XSS with edit right in the create document form for existing pages Critical
CVE-2023-45137 was published for org.xwiki.platform:xwiki-platform-web (Maven) Oct 25, 2023
XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled Critical
CVE-2023-45136 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Oct 25, 2023
XWiki Platform XSS vulnerability from account in the create page form via template provider Critical
CVE-2023-45134 was published for org.xwiki.platform:xwiki-platform-web (Maven) Oct 25, 2023
org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability Critical
CVE-2023-37908 was published for org.xwiki.rendering:xwiki-rendering-xml (Maven) Oct 25, 2023
Stored XSS vulnerability in Jenkins GitHub Plugin High
CVE-2023-46650 was published for com.coravy.hudson.plugins.github:github (Maven) Oct 25, 2023
Jenkins Edgewall Trac Plugin vulnerable to Stored XSS High
CVE-2023-46659 was published for org.jenkins-ci.plugins:trac (Maven) Oct 25, 2023
Zenario CMS Cross-site Scripting vulnerability Moderate
CVE-2023-44769 was published for tribalsystems/zenario (Composer) Oct 25, 2023
dtale vulnerable to Remote Code Execution through the Custom Filter Input Moderate
CVE-2023-46134 was published for dtale (pip) Oct 25, 2023
yadhukrishnam
Fides JavaScript Injection Vulnerability in Privacy Center URL Low
CVE-2023-46126 was published for ethyca-fides (pip) Oct 24, 2023
Concrete CMS Cross-site Scripting vulnerability Moderate
CVE-2023-44760 was published for concrete5/concrete5 (Composer) Oct 24, 2023