Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,757
Erlang
35
GitHub Actions
29
Go
2,327
Maven
5,000+
npm
3,960
NuGet
712
pip
3,741
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

263 advisories

Loading
An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet... Moderate Unreviewed
CVE-2023-36555 was published Oct 10, 2023
A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of... Moderate Unreviewed
CVE-2023-34354 was published Oct 11, 2023
A vulnerability, which was classified as problematic, has been found in ZZZCMS 2.2.0. This issue... Moderate Unreviewed
CVE-2023-5582 was published Oct 14, 2023
XWiki Platform vulnerable to reflected cross-site scripting through revision parameter in content menu Critical
CVE-2023-46732 was published for org.xwiki.platform:xwiki-platform-flamingo-skin-resources (Maven) Nov 8, 2023
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified... Low Unreviewed
CVE-2024-0183 was published Jan 2, 2024
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow... Moderate Unreviewed
CVE-2023-20257 was published Jan 17, 2024
An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16... Moderate Unreviewed
CVE-2023-5933 was published Jan 26, 2024
@apollo/experimental-nextjs-app-support Cross-site Scripting vulnerability High
CVE-2024-23841 was published for @apollo/experimental-nextjs-app-support (npm) Jan 30, 2024
phryneas IkeMurami
peakematt
Statmic CMS vulnerable to account takeover via XSS and password reset link High
CVE-2024-24570 was published for statamic/cms (Composer) Feb 1, 2024
sec-consult
IBM PowerSC 1.3, 2.0, and 2.1 is vulnerable to HTML injection. A remote attacker could inject... Moderate Unreviewed
CVE-2023-50933 was published Feb 2, 2024
phpMyFAQ vulnerable to stored XSS on attachments filename Moderate
CVE-2024-24574 was published for phpmyfaq/phpmyfaq (Composer) Feb 5, 2024
nikkoenggaliano
Sulu HTML Injection via Autocomplete Suggestion Low
CVE-2024-24807 was published for sulu/sulu (Composer) Feb 5, 2024
Norman API Cross-site Scripting Vulnerability High
CVE-2023-32193 was published for github.com/rancher/norman (Go) Feb 8, 2024
diego95root kujalamathias
Rancher API Server Cross-site Scripting Vulnerability High
CVE-2023-32192 was published for github.com/rancher/apiserver (Go) Feb 8, 2024
diego95root kujalamathias
XSS sidekiq-unique-jobs UI server vulnerability High
CVE-2024-25122 was published for sidekiq-unique-jobs (RubyGems) Feb 13, 2024
pboling Earlopain
Withdrawn Advisory: Kirby CMS HTML injection vulnerability High
CVE-2024-26482 was published for getkirby/cms (Composer) Feb 22, 2024 withdrawn
Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field... Moderate Unreviewed
CVE-2024-25873 was published Feb 22, 2024
Using an AMP url with a canonical element, an attacker could have executed JavaScript from an... High Unreviewed
CVE-2024-26282 was published Feb 22, 2024
hexo-theme-anzhiyu Cross-site Scripting vulnerability Moderate
CVE-2024-25865 was published for hexo-theme-anzhiyu (npm) Mar 3, 2024
Webedition CMS 9.2.2.0 has a Stored XSS vulnerability via /webEdition/we_cmd.php. Moderate Unreviewed
CVE-2024-28417 was published Mar 14, 2024
Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users... Moderate Unreviewed
CVE-2024-1606 was published Mar 18, 2024
phpMyFAQ Stored HTML Injection at contentLink Moderate
CVE-2024-28108 was published for phpmyfaq/phpmyfaq (Composer) Mar 25, 2024
kevinnivekkevin
An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker... High Unreviewed
CVE-2023-40290 was published Mar 27, 2024
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a... Moderate Unreviewed
CVE-2024-31062 was published Mar 28, 2024
A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042,... Moderate Unreviewed
CVE-2024-20362 was published Apr 3, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database