Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,873
Erlang
37
GitHub Actions
36
Go
2,518
Maven
5,000+
npm
4,156
NuGet
736
pip
3,955
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

3,891 advisories

Loading
MediaWiki Cross-site Scripting vulnerability Moderate
CVE-2023-37302 was published for wikibase/wikibase (Composer) Jun 30, 2023
prudloff-insite
angular-ui-notification Cross-site Scripting vulnerability Moderate
CVE-2023-34840 was published for angular-ui-notification (npm) Jun 30, 2023
Joplin Cross-site Scripting vulnerability Moderate
CVE-2023-37299 was published for joplin (npm) Jun 30, 2023
Joplin Cross-site Scripting vulnerability Moderate
CVE-2023-37298 was published for joplin (npm) Jun 30, 2023
phpMyFAQ Cross-site Scripting Moderate
CVE-2023-3469 was published for thorsten/phpmyfaq (Composer) Jun 30, 2023
Spina Cross-site Scripting vulnerability Low
CVE-2023-3445 was published for spina (RubyGems) Jun 28, 2023
Duplicate Advisory: jQuery Cross Site Scripting vulnerability Moderate
CVE-2020-23064 was published for jQuery (RubyGems) Jun 26, 2023 withdrawn
eoftedal
Moodle vulnerable to Cross-site Scripting Moderate
CVE-2023-35131 was published for moodle/moodle (Composer) Jun 22, 2023
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in DeleteApplication page Critical
CVE-2023-35161 was published for org.xwiki.platform:xwiki-platform-appwithinminutes-ui (Maven) Jun 22, 2023
XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template Critical
CVE-2023-35160 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Jun 22, 2023
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template Critical
CVE-2023-35159 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Jun 22, 2023
XWiki Platform vulnerable to reflected cross-site scripting via delattachment action High
CVE-2023-35157 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 22, 2023
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in delete template Critical
CVE-2023-35156 was published for org.xwiki.platform:xwiki-platform-flamingo-skin-resources (Maven) Jun 22, 2023
Broadleaf vulnerable to Cross-site Scripting Moderate
CVE-2023-33725 was published for org.broadleafcommerce:broadleaf (Maven) Jun 21, 2023
XWiki Platform vulnerable to cross-site scripting via xcontinue parameter in previewactions template Critical
CVE-2023-35162 was published for org.xwiki.platform:xwiki-platform-flamingo-skin-resources (Maven) Jun 20, 2023
XWiki Platform vulnerable to cross-site scripting in target parameter via share page by email High
CVE-2023-35155 was published for org.xwiki.platform:xwiki-platform-sharepage-api (Maven) Jun 20, 2023
XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters Critical
CVE-2023-35153 was published for org.xwiki.platform:xwiki-platform-appwithinminutes-ui (Maven) Jun 20, 2023
renniepak
XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template Critical
CVE-2023-34464 was published for org.xwiki.platform:xwiki-platform-web (Maven) Jun 20, 2023
Alluxio Cross Site Scripting vulnerability Moderate
CVE-2020-21485 was published for org.alluxio:alluxio-parent (Maven) Jun 20, 2023
Craft CMS vulnerable to HTML injection Moderate
CVE-2023-33495 was published for craftcms/cms (Composer) Jun 20, 2023
YiiCMS Cross Site Scripting vulnerability Moderate
CVE-2020-21246 was published for sheng/yiicms (Composer) Jun 20, 2023
NodCMS Cross Site Scripting vulnerability Moderate
CVE-2020-20697 was published for khodakhah/nodcms (Composer) Jun 20, 2023
ke_search (aka Faceted Search) vulnerable to Cross-Site Scripting Moderate
CVE-2023-35783 was published for tpwd/ke_search (Composer) Jun 16, 2023
Liferay Portal and Liferay DXP Vulnerable to XSS via the Layout Module Moderate
CVE-2023-3193 was published for com.liferay.portal:release.dxp.bom (Maven) Jun 15, 2023
Jenkins Template Workflows Plugin vulnerable to Stored Cross-site Scripting High
CVE-2023-35146 was published for org.jenkins.plugin.templateWorkflows:template-workflows (Maven) Jun 14, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database