Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,614
Maven
5,000+
npm
4,254
NuGet
760
pip
4,031
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

385 advisories

Loading
copyparty vulnerable to reflected cross-site scripting via hc parameter Moderate
GHSA-cw7j-v52w-fp5r was published for copyparty (pip) Jul 21, 2023
TheHackyDog
Credited to TheHackyDog
Whatsapp-Chat-Exporter has Cross-Site Scripting vulnerability in HTML output of chats. Moderate
GHSA-8c6x-g4fw-8rf4 was published for Whatsapp-Chat-Exporter (pip) Jul 10, 2023
KnugiHK
Credited to KnugiHK
Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox High
CVE-2023-36809 was published for kiwitcms (pip) Jul 5, 2023
mnqazi MQ-xz
Credited to mnqazi and MQ-xz
kiwitcms vulnerable to stored cross-site scripting via unrestricted file upload High
CVE-2023-33977 was published for kiwitcms (pip) Jun 6, 2023
mnqazi
Credited to mnqazi
kiwitcms vulnerable to stored XSS via unrestricted files upload Moderate
CVE-2023-32686 was published for kiwitcms (pip) May 22, 2023
antoniospataro mosaa404
ek1ng
Credited to antoniospataro, mosaa404, and ek1ng
Apache Airflow vulnerable to stored Cross-site Scripting Moderate
CVE-2023-29247 was published for apache-airflow (pip) May 8, 2023
Wagtail vulnerable to stored Cross-site Scripting attack via ModelAdmin views High
CVE-2023-28836 was published for wagtail (pip) Apr 3, 2023
thibaudcolas
Credited to thibaudcolas
Kiwi TCMS Stored Cross-site Scripting via SVG file High
CVE-2023-27489 was published for kiwitcms (pip) Mar 30, 2023
antoniospataro richardfan0606
Credited to antoniospataro and richardfan0606
Streamlit publishes previously-patched Cross-site Scripting vulnerability Moderate
CVE-2023-27494 was published for streamlit (pip) Mar 17, 2023
Cross-site Scripting in django-ajax-utilities Moderate
CVE-2017-20182 was published for django-ajax-utilities (pip) Mar 10, 2023
modoboa Cross-site Scripting vulnerability Moderate
CVE-2023-0949 was published for modoboa (pip) Feb 22, 2023
Stored cross site scripting in changedetection.io Moderate
CVE-2023-24769 was published for changedetection.io (pip) Feb 18, 2023
edoardottt
Credited to edoardottt
Mayan EDMS DMS XSS vulnerability Moderate
CVE-2022-47419 was published for mayan-edms (pip) Feb 8, 2023
Cross-site Scripting in modoboa Moderate
CVE-2023-0519 was published for modoboa (pip) Jan 27, 2023
Cross-site Scripting in modoboa Moderate
CVE-2023-0470 was published for modoboa (pip) Jan 27, 2023
Cross-site Scripting in pyload-ng Moderate
CVE-2023-0488 was published for pyload-ng (pip) Jan 27, 2023
Apache Superset vulnerable to Cross-site Scripting Moderate
CVE-2022-43717 was published for apache-superset (pip) Jan 16, 2023
Apache Superset is vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2022-43718 was published for apache-superset (pip) Jan 16, 2023
LdapCherry Cross-site Scripting vulnerbaility Moderate
CVE-2019-25095 was published for ldapcherry (pip) Jan 5, 2023
django-ucamlookup Cross-site Scripting vulnerability Moderate
CVE-2016-15010 was published for django-ucamlookup (pip) Jan 5, 2023
Graphite Web Cross-site Scripting vulnerability Moderate
CVE-2022-4728 was published for graphite-web (pip) Dec 27, 2022
Graphite Web Cross-site Scripting vulnerability Moderate
CVE-2022-4729 was published for graphite-web (pip) Dec 27, 2022
Graphite Web Cross-site Scripting vulnerability Moderate
CVE-2022-4730 was published for graphite-web (pip) Dec 27, 2022
collective.contact.widget is vulnerable to cross-site scripting Moderate
CVE-2022-4638 was published for collective.contact.widget (pip) Dec 22, 2022
collective.task Cross-site Scripting vulnerability Moderate
CVE-2022-4527 was published for collective.task (pip) Dec 15, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database