GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
132 advisories
Filter by severity
Mattermost Cross-site Scripting vulnerability
Low
CVE-2023-7113
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Dec 29, 2023
Winter CMS Stored XSS through Backend ColorPicker FormWidget
Low
CVE-2023-52084
was published
for
winter/wn-backend-module
(Composer)
Dec 28, 2023
Winter CMS Stored XSS through privileged upload of Media Manager file followed by renaming
Low
CVE-2023-52083
was published
for
winter/wn-system-module
(Composer)
Dec 28, 2023
Withdrawn Advisory: Stored Cross-site scripting affecting automad/automad
Low
CVE-2023-7035
was published
for
automad/automad
(Composer)
Dec 21, 2023
•
withdrawn
Stored XSS via SVG File Upload
Low
CVE-2023-49279
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
Possible injection of HTML into user invite mails
Low
CVE-2023-38694
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
Concrete CMS Cross-site Scripting vulnerability
Low
CVE-2023-48649
was published
for
concrete5/concrete5
(Composer)
Nov 17, 2023
Fides JavaScript Injection Vulnerability in Privacy Center URL
Low
CVE-2023-46126
was published
for
ethyca-fides
(pip)
Oct 24, 2023
Zope management interface vulnerable to stored cross site scripting via the title property
Low
CVE-2023-44389
was published
for
Zope
(pip)
Oct 4, 2023
plone.restapi vulnerable to Stored Cross Site Scripting with SVG image in user portrait
Low
GHSA-hc5c-r8m5-2gfh
was published
for
plone.restapi
(pip)
Sep 21, 2023
plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images
Low
CVE-2023-41048
was published
for
plone.namedfile
(pip)
Sep 21, 2023
Zope vulnerable to Stored Cross Site Scripting with SVG images
Low
CVE-2023-42458
was published
for
Zope
(pip)
Sep 21, 2023
Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports
Low
CVE-2023-40030
was published
for
cargo
(Rust)
Aug 24, 2023
Cross-site Scripting in Mingsoft MCMS
Low
CVE-2023-3990
was published
for
net.mingsoft:ms-mcms
(Maven)
Jul 28, 2023
RuoYi vulnerable to Cross-site Scripting
Low
CVE-2023-3815
was published
for
com.ruoyi:ruoyi
(Maven)
Jul 21, 2023
Winter CMS stored XSS through privileged upload of SVG file
Low
CVE-2023-37269
was published
for
wintercms/winter
(Composer)
Jul 7, 2023
Spina Cross-site Scripting vulnerability
Low
CVE-2023-3445
was published
for
spina
(RubyGems)
Jun 28, 2023
CraftCMS stored XSS in Quick Post widget error message
Low
CVE-2023-33194
was published
for
craftcms/cms
(Composer)
May 26, 2023
Concrete CMS (previously concrete5) is vulnerable to stored XSS in uploaded file and folder names
Low
CVE-2023-28819
was published
for
concrete5/concrete5
(Composer)
Apr 28, 2023
Stored cross site scripting in RSS displayer
Low
CVE-2023-28820
was published
for
concrete5/concrete5
(Composer)
Apr 28, 2023
eslint-detailed-reporter vulnerable to cross-site scripting
Low
CVE-2022-4942
was published
for
eslint-detailed-reporter
(npm)
Apr 20, 2023
AzuraCast/AzuraCast vulnerable to cross-site scripting
Low
CVE-2023-2191
was published
for
azuracast/azuracast
(Composer)
Apr 20, 2023
govuk_tech_docs vulnerable to unescaped HTML on search results page
Low
CVE-2024-22048
was published
for
govuk_tech_docs
(RubyGems)
Apr 11, 2023
teler dashboard vulnerable to DOM-based cross-site scripting (XSS)
Low
CVE-2022-23466
was published
for
teler.app
(Go)
Dec 6, 2022
Cross-site Scripting in actionpack
Low
CVE-2022-3704
was published
for
actionpack
(RubyGems)
Oct 27, 2022
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API