Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

486 advisories

Loading
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via FAQ News link parameter High
CVE-2023-1757 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
thorsten/phpmyfaq vulnerable to DOM cross-site scripting (XSS) via configuration privacy note URL parameter High
CVE-2023-1882 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
markdown-pdf vulnerable to local file read via server side cross-site scripting (XSS) High
CVE-2023-0835 was published for markdown-pdf (npm) Apr 5, 2023
Wagtail vulnerable to stored Cross-site Scripting attack via ModelAdmin views High
CVE-2023-28836 was published for wagtail (pip) Apr 3, 2023
thibaudcolas
Jenkins Mashup Portlets Plugin vulnerable to stored cross-site scripting High
CVE-2023-28679 was published for javagh.jenkins:mashup-portlets-plugin (Maven) Apr 2, 2023
Jenkins Pipeline Aggregator View Plugin vulnerable to Cross-site Scripting High
CVE-2023-28670 was published for com.paul8620.jenkins.plugins:pipeline-aggregator-view (Maven) Apr 2, 2023
Jenkins Cppcheck Plugin vulnerable to stored cross-site scripting (XSS) High
CVE-2023-28678 was published for org.jenkins-ci.plugins:cppcheck (Maven) Apr 2, 2023
Jenkins JaCoCo Plugin vulnerable to Stored Cross-site Scripting High
CVE-2023-28669 was published for org.jenkins-ci.plugins:jacoco (Maven) Apr 2, 2023
Kiwi TCMS Stored Cross-site Scripting via SVG file High
CVE-2023-27489 was published for kiwitcms (pip) Mar 30, 2023
antoniospataro richardfan0606
smarty Cross-site Scripting vulnerability in Javascript escaping High
CVE-2023-28447 was published for smarty/smarty (Composer) Mar 29, 2023
takaram
Cross-site Scripting vulnerability in Jenkins High
CVE-2023-27898 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 10, 2023
westonsteimel yakirk
directus vulnerable to HTML Injection in Password Reset email to custom Reset URL High
CVE-2023-27474 was published for directus (npm) Mar 7, 2023
tofran
XWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data High
CVE-2023-26480 was published for org.xwiki.platform:xwiki-platform-livedata-macro (Maven) Mar 3, 2023
Keycloak Cross-site Scripting on OpenID connect login service High
CVE-2022-4137 was published for org.keycloak:keycloak-parent (Maven) Mar 1, 2023
TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering High
CVE-2023-24814 was published for typo3/cms (Composer) Feb 8, 2023
bnf
XSS Attack with Express API High
CVE-2023-23630 was published for eta (npm) Jan 31, 2023
agustingianni
gatsby-transformer-remark has possible unsanitized JavaScript code injection High
CVE-2023-22491 was published for gatsby-transformer-remark (npm) Jan 11, 2023
@mattkrick/sanitize-svg vulnerable to Cross-Site Scripting (XSS) High
CVE-2023-22461 was published for @mattkrick/sanitize-svg (npm) Jan 5, 2023
lauritzh
Gravitee API Management contains Path Traversal High
CVE-2022-38723 was published for io.gravitee.apim:gravitee-api-management (Maven) Jan 4, 2023
Stored XSS vulnerability in Jenkins Checkmarx Plugin High
CVE-2022-46684 was published for com.checkmarx.jenkins:checkmarx (Maven) Dec 12, 2022
NotMyFault
Cross-site Scripting in Jenkins Spring Config Plugin High
CVE-2022-46687 was published for io.jenkins.plugins:spring-config (Maven) Dec 12, 2022
Jenkins Custom Build Properties Plugin vulnerable to Cross-site Scripting High
CVE-2022-46686 was published for io.jenkins.plugins:custom-build-properties (Maven) Dec 12, 2022
XBlock vulnerable to Cross-Site Scripting (XSS) High
CVE-2022-46147 was published for xblock-drag-and-drop-v2 (pip) Dec 2, 2022
Browsershot does not validate URL protocols passed to Browsershot URL method High
CVE-2022-41706 was published for spatie/browsershot (Composer) Nov 25, 2022
tdunlap607
Cross-site Scripting in Apache Hama High
CVE-2022-45470 was published for org.apache.hama:hama-core (Maven) Nov 21, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database