GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,891 advisories

layui vulnerable to cross-site scripting Moderate
CVE-2023-3691 was published for layui (npm) Jul 16, 2023
CleverTap Cordova plugin vulnerable to Cross-site Scripting Critical
CVE-2023-2507 was published for clevertap-cordova (npm) Jul 15, 2023
webmention.js Cross-site Scripting vulnerability High
CVE-2023-3672 was published for webmention.js (npm) Jul 14, 2023
ImpressCMS Cross-site Scripting vulnerability Moderate
CVE-2023-37785 was published for impresscms/impresscms (Composer) Jul 13, 2023
Pimcore admin UI vulnerable to Cross-site Scripting in 2 factor authentication setup page Moderate
CVE-2023-37280 was published for pimcore/admin-ui-classic-bundle (Composer) Jul 12, 2023
HackerUniverse
Decidim Cross-site Scripting vulnerability in the external link redirections Moderate
CVE-2023-32693 was published for decidim (RubyGems) Jul 11, 2023
p- alecslupu
ahukkanen andreslucena
Decidim Cross-site Scripting vulnerability in the processes filter High
CVE-2023-34089 was published for decidim (RubyGems) Jul 11, 2023
Alonsorossi ahukkanen
andreslucena
A stored XSS in jaeger UI might allow an attacker who controls a trace to perform arbitrary jaeger queries Moderate
GHSA-2w8w-qhg4-f78j was published for github.com/jaegertracing/jaeger (Go) Jul 11, 2023
svennergr ngo
tarteaucitron.js vulnerable to Cross-site Scripting Moderate
CVE-2023-3620 was published for tarteaucitronjs (npm) Jul 11, 2023
Whatsapp-Chat-Exporter has Cross-Site Scripting vulnerability in HTML output of chats. Moderate
GHSA-8c6x-g4fw-8rf4 was published for Whatsapp-Chat-Exporter (pip) Jul 10, 2023
KnugiHK
ckeditor-wordcount-plugin vulnerable to Cross-site Scripting in Source Mode of Editor Moderate
CVE-2023-37905 was published for ckeditor-wordcount-plugin (npm) Jul 10, 2023
sypets ohader
TeamPass Cross-site Scripting vulnerability Moderate
CVE-2023-3565 was published for nilsteampassnet/teampass (Composer) Jul 10, 2023
Winter CMS stored XSS through privileged upload of SVG file Low
CVE-2023-37269 was published for wintercms/winter (Composer) Jul 7, 2023
abhishekmorla
TeamPass Cross-site Scripting vulnerability High
CVE-2023-3531 was published for nilsteampassnet/teampass (Composer) Jul 6, 2023
Statamic's Antlers sanitizer cannot effectively sanitize malicious SVG Moderate
CVE-2023-36828 was published for statamic/cms (Composer) Jul 6, 2023
robyfirnandoyusuf
Sanitize vulnerable to Cross-site Scripting via insufficient neutralization of `style` element content High
CVE-2023-36823 was published for sanitize (RubyGems) Jul 6, 2023
cure53
Magento Open Source allows Cross-Site Scripting (XSS) Low
CVE-2023-22249 was published for magento/community-edition (Composer) Jul 6, 2023
Concrete CMS Cross-site Scripting vulnerability Moderate
CVE-2022-43695 was published for concrete5/concrete5 (Composer) Jul 6, 2023
Zinc Cross-site Scripting vulnerability Moderate
CVE-2022-32171 was published for github.com/zinclabs/zinc (Go) Jul 6, 2023
Zinc Cross-site Scripting vulnerability Moderate
CVE-2022-32172 was published for github.com/zinclabs/zinc (Go) Jul 6, 2023
@vendure/admin-ui-plugin authenticated Cross-site Scripting vulnerability Moderate
GHSA-gm68-572p-q28r was published for @vendure/admin-ui-plugin (npm) Jul 6, 2023
Yaniv-git
Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox High
CVE-2023-36809 was published for kiwitcms (pip) Jul 5, 2023
mnqazi MQ-xz
org.xwiki.commons:xwiki-commons-xml's HTML sanitizer allows form elements in restricted Critical
CVE-2023-36471 was published for org.xwiki.commons:xwiki-commons-xml (Maven) Jun 30, 2023
XWiki Platform vulnerable to persistent Cross-site Scripting through CKEditor Configuration pages Critical
CVE-2023-36477 was published for org.xwiki.contrib:application-ckeditor-ui (Maven) Jun 30, 2023
Keycloak vulnerable to cross-site scripting when validating URI-schemes on SAML and OIDC Critical
CVE-2022-4361 was published for org.keycloak:keycloak-services (Maven) Jun 30, 2023
magicOz
ProTip! Advisories are also available from the GraphQL API