Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

112 advisories

Loading
Gouniverse GoLang CMS vulnerable to Cross-site Scripting Moderate
CVE-2024-8572 was published for github.com/gouniverse/cms (Go) Sep 8, 2024
Rancher UI has multiple Cross-Site Scripting (XSS) issues Moderate
CVE-2022-43760 was published for github.com/rancher/rancher (Go) Jun 6, 2023
bybit-sec andrewpollock
Casdoor has reflected XSS in QrCodePage.js (GHSL-2024-036) Moderate
CVE-2024-41658 was published for github.com/casdoor/casdoor (Go) Aug 22, 2024
Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd/v2 Moderate
CVE-2021-23347 was published for github.com/argoproj/argo-cd/v2 (Go) May 21, 2021
ZITADEL has improper HTML sanitization in emails and Console UI Moderate
CVE-2024-41953 was published for github.com/zitadel/zitadel (Go) Jul 31, 2024
livio-a
Grafana Spoofing originalUrl of snapshots Moderate
CVE-2022-39324 was published for github.com/grafana/grafana (Go) May 14, 2024
r3kumar
Grafana XSS via a query alias for the ElasticSearch datasource Moderate
CVE-2020-24303 was published for github.com/grafana/grafana (Go) May 24, 2022
Grafana stored XSS Moderate
CVE-2020-11110 was published for github.com/grafana/grafana (Go) May 24, 2022
Grafana XSS via a column style Moderate
CVE-2018-18624 was published for github.com/grafana/grafana (Go) May 24, 2022
Grafana XSS via the OpenTSDB datasource Moderate
CVE-2020-13430 was published for github.com/grafana/grafana (Go) May 24, 2022
Grafana XSS in header column rename Moderate
CVE-2020-12245 was published for github.com/grafana/grafana (Go) May 24, 2022
gotortc Cross-site Scripting vulnerability Moderate
CVE-2024-29193 was published for github.com/AlexxIT/go2rtc (Go) Aug 5, 2024
gotortc Cross-site Scripting vulnerability Moderate
CVE-2024-29191 was published for github.com/AlexxIT/go2rtc (Go) Aug 5, 2024
memos vulnerable to Server-Side Request Forgery and Cross-site Scripting Moderate
CVE-2024-29029 was published for github.com/usememos/memos (Go) Aug 5, 2024
Hugo Markdown titles do not escaped in internal render hooks Moderate
CVE-2024-32875 was published for github.com/gohugoio/hugo (Go) Apr 23, 2024
ejona86
Denial of service via malicious preflight requests in github.com/rs/cors Moderate
GHSA-mh55-gqvf-xfwm was published for github.com/rs/cors (Go) Jul 5, 2024
teler-waf contains detection rule bypass via Entities payload Moderate
CVE-2023-26047 was published for github.com/kitabisa/teler-waf (Go) Mar 1, 2023
aidilarf
teler-waf subject to Bypass of Common Web Attack Threat Rule with HTML Entities Payload Moderate
CVE-2023-26046 was published for github.com/kitabisa/teler-waf (Go) Mar 1, 2023
aidilarf
Cross-site scripting in bluemonday Moderate
CVE-2021-29272 was published for github.com/microcosm-cc/bluemonday (Go) May 18, 2021
Grafana proxy Cross-site Scripting Moderate
CVE-2022-21702 was published for github.com/grafana/grafana (Go) May 14, 2024
tiagorlampert CHAOS vulnerable to Cross Site Scripting Moderate
CVE-2024-31839 was published for github.com/tiagorlampert/CHAOS (Go) Apr 12, 2024
Apache Answer: XSS vulnerability when changing personal website Moderate
CVE-2024-29217 was published for github.com/apache/incubator-answer (Go) Apr 21, 2024
Gitea XSS Vulnerability in Repository Description Moderate
CVE-2019-1010314 was published for code.gitea.io/gitea (Go) May 24, 2022
Temporal UI Server cross-site scripting vulnerability Moderate
CVE-2024-2435 was published for github.com/temporalio/ui-server/v2 (Go) Apr 2, 2024
CA17 TeamsACS Cross Site Scripting vulnerability Moderate
CVE-2024-22780 was published for github.com/ca17/teamsacs (Go) Apr 2, 2024
ProTip! Advisories are also available from the GraphQL API