GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
378 advisories
Reflected XSS Vulnerability in dpaste
Severity: Moderate. CVE-2023-49277 was published for Dpaste (pip) on Dec 1, 2023.

Apache Superset Cross-site Scripting vulnerability
Severity: Moderate. CVE-2023-43701 was published for apache-superset (pip) on Nov 27, 2023.

Cross-site Scripting potential in custom links, job buttons, and computed fields
Severity: High. CVE-2023-48705 was published for nautobot (pip) on Nov 22, 2023.

Ethyca Fides HTML Injection Vulnerability in HTML-Formatted DSR Packages
Severity: Moderate. CVE-2023-47114 was published for ethyca-fides (pip) on Nov 8, 2023.

dtale vulnerable to Remote Code Execution through the Custom Filter Input
Severity: Moderate. CVE-2023-46134 was published for dtale (pip) on Oct 25, 2023.

Fides JavaScript Injection Vulnerability in Privacy Center URL
Severity: Low. CVE-2023-46126 was published for ethyca-fides (pip) on Oct 24, 2023.

modoboa Cross-site Scripting vulnerability
Severity: High. CVE-2023-5689 was published for modoboa (pip) on Oct 20, 2023.

modoboa Cross-site Scripting vulnerability
Severity: Critical. CVE-2023-5688 was published for modoboa (pip) on Oct 20, 2023.

Viewing wget extractor output while logged in as an admin allows archived JS to execute in the admins context
Severity: High. CVE-2023-45815 was published for archivebox (pip) on Oct 19, 2023.

Zope management interface vulnerable to stored cross site scripting via the title property
Severity: Low. CVE-2023-44389 was published for Zope (pip) on Oct 4, 2023.

plone.restapi vulnerable to Stored Cross Site Scripting with SVG image in user portrait
Severity: Low. GHSA-hc5c-r8m5-2gfh was published for plone.restapi (pip) on Sep 21, 2023.

plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images
Severity: Low. CVE-2023-41048 was published for plone.namedfile (pip) on Sep 21, 2023.

Zope vulnerable to Stored Cross Site Scripting with SVG images
Severity: Low. CVE-2023-42458 was published for Zope (pip) on Sep 21, 2023.

cross-site inclusion (XSSI) of files in jupyter-server
Severity: Moderate. CVE-2023-40170 was published for jupyter-server (pip) on Aug 29, 2023.

Scancode.io Reflected Cross-Site Scripting (XSS) in license endpoint
Severity: Moderate. CVE-2023-40024 was published for scancodeio (pip) on Aug 15, 2023.

wger Workout Manager Cross-site Scripting vulnerability
Severity: Moderate. CVE-2023-38758 was published for wger (pip) on Aug 8, 2023.

copyparty vulnerable to reflected cross-site scripting via k304 parameter
Severity: Moderate. CVE-2023-38501 was published for copyparty (pip) on Jul 25, 2023.

Indico vulnerable to Cross-Site-Scripting via confirmation prompts
Severity: Moderate. CVE-2023-37901 was published for indico (pip) on Jul 21, 2023.

copyparty vulnerable to reflected cross-site scripting via hc parameter
Severity: Moderate. GHSA-cw7j-v52w-fp5r was published for copyparty (pip) on Jul 21, 2023.

Whatsapp-Chat-Exporter has Cross-Site Scripting vulnerability in HTML output of chats.
Severity: Moderate. GHSA-8c6x-g4fw-8rf4 was published for Whatsapp-Chat-Exporter (pip) on Jul 10, 2023.

Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox
Severity: High. CVE-2023-36809 was published for kiwitcms (pip) on Jul 5, 2023.

kiwitcms vulnerable to stored cross-site scripting via unrestricted file upload
Severity: High. CVE-2023-33977 was published for kiwitcms (pip) on Jun 6, 2023.

kiwitcms vulnerable to stored XSS via unrestricted files upload
Severity: Moderate. CVE-2023-32686 was published for kiwitcms (pip) on May 22, 2023.

Apache Airflow vulnerable to stored Cross-site Scripting
Severity: Moderate. CVE-2023-29247 was published for apache-airflow (pip) on May 8, 2023.

Wagtail vulnerable to stored Cross-site Scripting attack via ModelAdmin views
Severity: High. CVE-2023-28836 was published for wagtail (pip) on Apr 3, 2023.