GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

406 advisories

Kiwi TCMS Stored Cross-site Scripting via SVG file High
CVE-2023-27489 was published for kiwitcms (pip) Mar 30, 2023
antoniospataro richardfan0606
smarty Cross-site Scripting vulnerability in Javascript escaping High
CVE-2023-28447 was published for smarty/smarty (Composer) Mar 29, 2023
takaram
Cross-site Scripting vulnerability in Jenkins High
CVE-2023-27898 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 10, 2023
westonsteimel yakirk
directus vulnerable to HTML Injection in Password Reset email to custom Reset URL High
CVE-2023-27474 was published for directus (npm) Mar 7, 2023
tofran
XWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data High
CVE-2023-26480 was published for org.xwiki.platform:xwiki-platform-livedata-macro (Maven) Mar 3, 2023
Keycloak Cross-site Scripting on OpenID connect login service High
CVE-2022-4137 was published for org.keycloak:keycloak-parent (Maven) Mar 1, 2023
TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering High
CVE-2023-24814 was published for typo3/cms (Composer) Feb 8, 2023
bnf
XSS Attack with Express API High
CVE-2023-23630 was published for eta (npm) Jan 31, 2023
agustingianni
Cross-site Scripting in modoboa High
CVE-2023-0519 was published for modoboa (pip) Jan 27, 2023
Cross-site Scripting in modoboa High
CVE-2023-0470 was published for modoboa (pip) Jan 27, 2023
gatsby-transformer-remark has possible unsanitized JavaScript code injection High
CVE-2023-22491 was published for gatsby-transformer-remark (npm) Jan 11, 2023
@mattkrick/sanitize-svg vulnerable to Cross-Site Scripting (XSS) High
CVE-2023-22461 was published for @mattkrick/sanitize-svg (npm) Jan 5, 2023
lauritzh
Gravitee API Management contains Path Traversal High
CVE-2022-38723 was published for io.gravitee.apim:gravitee-api-management (Maven) Jan 4, 2023
Stored XSS vulnerability in Jenkins Checkmarx Plugin High
CVE-2022-46684 was published for com.checkmarx.jenkins:checkmarx (Maven) Dec 12, 2022
NotMyFault
Cross-site Scripting in Jenkins Spring Config Plugin High
CVE-2022-46687 was published for io.jenkins.plugins:spring-config (Maven) Dec 12, 2022
Jenkins Custom Build Properties Plugin vulnerable to Cross-site Scripting High
CVE-2022-46686 was published for io.jenkins.plugins:custom-build-properties (Maven) Dec 12, 2022
XBlock vulnerable to Cross-Site Scripting (XSS) High
CVE-2022-46147 was published for xblock-drag-and-drop-v2 (pip) Dec 2, 2022
Cross-site Scripting in Apache Hama High
CVE-2022-45470 was published for org.apache.hama:hama-core (Maven) Nov 21, 2022
Cross-site Scripting in librenms/librenms High
CVE-2022-4068 was published for librenms/librenms (Composer) Nov 20, 2022
Jenkins Associated Files Plugin vulnerable to cross-site scripting (XSS) High
CVE-2022-45401 was published for org.jenkins-ci.main:associated-files-plugin (Maven) Nov 16, 2022
NotMyFault
Jenkins BART Plugin vulnerable to cross-site scripting (XSS) High
CVE-2022-45387 was published for org.jenkins-ci.plugins:bart (Maven) Nov 16, 2022
NotMyFault
Jenkins JUnit Plugin subject to Cross-site Scripting via URL conversion High
CVE-2022-45380 was published for org.jenkins-ci.plugins:junit (Maven) Nov 16, 2022
NotMyFault
Cross Site Scripting vulnerability in wsgidav when directory browsing is enabled High
CVE-2022-41905 was published for wsgidav (pip) Nov 16, 2022
brunnjf
phpMyFAQ vulnerable to Cross-site Scripting High
CVE-2022-3608 was published for phpmyfaq/phpmyfaq (Composer) Oct 19, 2022
Stored XSS vulnerability in Jenkins Custom Checkbox Parameter Plugin High
CVE-2022-43425 was published for io.jenkins.plugins:custom-checkbox-parameter (Maven) Oct 19, 2022
NotMyFault