GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,871
Erlang: 37
GitHub Actions: 36
Go: 2,517
Maven: 5,000+
npm: 4,154
NuGet: 736
pip: 3,953
Pub: 12
RubyGems: 946
Rust: 1,026
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
3,890 advisories
modoboa Cross-site Scripting vulnerability
Severity: High. CVE-2023-5689 was published for modoboa (pip) on Oct 20, 2023.

modoboa Cross-site Scripting vulnerability
Severity: Critical. CVE-2023-5688 was published for modoboa (pip) on Oct 20, 2023.

Evolution CMS Cross-site Scripting vulnerability
Severity: Moderate. CVE-2023-43340 was published for evolutioncms/evolution (Composer) on Oct 20, 2023.

Yamcs Cross-site Scripting vulnerability
Severity: Moderate. CVE-2023-45279 was published for org.yamcs:yamcs (Maven) on Oct 20, 2023.

Evolution CMS Cross-site Scripting vulnerability
Severity: Moderate. CVE-2023-43341 was published for evolutioncms/evolution (Composer) on Oct 20, 2023.

Subrion CMS vulnerable to Cross-site Scripting
Severity: Moderate. CVE-2023-43875 was published for intelliants/subrion (Composer) on Oct 20, 2023.

Yamcs Cross-site Scripting vulnerability
Severity: Moderate. CVE-2023-45280 was published for org.yamcs:yamcs (Maven) on Oct 20, 2023.

TinyMCE XSS vulnerability in notificationManager.open API
Severity: Moderate. CVE-2023-45819 was published for TinyMCE (Composer) on Oct 19, 2023.

TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin
Severity: Moderate. CVE-2023-45818 was published for TinyMCE (Composer) on Oct 19, 2023.

Viewing wget extractor output while logged in as an admin allows archived JS to execute in the admins context
Severity: High. CVE-2023-45815 was published for archivebox (pip) on Oct 19, 2023.

Liferay Portal and Liferay DXP Vulnerable to XSS in the Commerce Module
Severity: Critical. CVE-2023-42627 was published for com.liferay.commerce:com.liferay.commerce.address.content.web (Maven) on Oct 17, 2023.

Cross-site Scripting via missing Binding syntax validation
Severity: High. CVE-2023-45683 was published for github.com/crewjam/saml (Go) on Oct 17, 2023.

XWiki Identity Oauth Privilege escalation (PR)/remote code execution from login screen through unescaped URL parameter
Severity: Critical. CVE-2023-45144 was published for com.xwiki.identity-oauth:identity-oauth-ui (Maven) on Oct 17, 2023.

Liferay Portal and Liferay DXP Vulnerable to XSS via the OAuth2ProviderApplicationRedirect Class
Severity: Critical. CVE-2023-44311 was published for com.liferay.portal:release.dxp.bom (Maven) on Oct 17, 2023.

Liferay Portal and Liferay DXP Vulnerable to XSS via the Page Tree Menu
Severity: Critical. CVE-2023-44310 was published for com.liferay.portal:release.dxp.bom (Maven) on Oct 17, 2023.

Liferay Portal and Liferay DXP Vulnerable to XSS in the Wiki Widget
Severity: Critical. CVE-2023-42628 was published for com.liferay.portal:release.dxp.bom (Maven) on Oct 17, 2023.

Liferay Portal and Liferay DXP Vulnerable to Reflected XSS via the Export for Translation Page
Severity: Critical. CVE-2023-42497 was published for com.liferay.portal:release.dxp.bom (Maven) on Oct 17, 2023.

Liferay Portal and Liferay DXP Vulnerable to Stored XSS in the Manage Vocabulary Page
Severity: Critical. CVE-2023-42629 was published for com.liferay.portal:release.dxp.bom (Maven) on Oct 17, 2023.

Liferay Portal and Liferay DXP Vulnerable to XSS in the Fragment Components
Severity: Critical. CVE-2023-44309 was published for com.liferay.portal:release.dxp.bom (Maven) on Oct 17, 2023.

XWiki Change Request Application UI XSS and remote code execution through change request title
Severity: Critical. CVE-2023-45138 was published for org.xwiki.contrib.changerequest:application-changerequest-ui (Maven) on Oct 17, 2023.

Cross-site Scripting (XSS) in froxlor/froxlor
Severity: Moderate. CVE-2023-4829 was published for froxlor/froxlor (Composer) on Oct 13, 2023.

Magento Open Source allows Cross-Site Scripting (XSS)
Severity: Low. CVE-2023-38219 was published for magento/community-edition (Composer) on Oct 13, 2023.

Cross-site Scripting (XSS) in froxlor/froxlor
Severity: Moderate. CVE-2023-5564 was published for froxlor/froxlor (Composer) on Oct 13, 2023.

OroCommerce Cross-site Scripting vulnerability in add note dialog of Shopping List line item
Severity: Moderate. CVE-2022-35950 was published for oro/commerce (Composer) on Oct 10, 2023.

ConcreteCMS vulnerable to Stored Cross-site Scripting
Severity: Moderate. CVE-2023-44763 was published for concrete5/concrete5 (Composer) on Oct 10, 2023.
ProTip! Advisories are also available from the GraphQL API.