GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
406 advisories
TestComplete support Plugin vulnerable to stored Cross-site Scripting
High: CVE-2023-33002 was published for org.jenkins-ci.plugins:TestComplete (Maven), May 16, 2023

teampass vulnerable to code injection
High: CVE-2023-2591 was published for nilsteampassnet/teampass (Composer), May 9, 2023

Cross Site Scripting in thorsten/phpmyfaq
High: CVE-2023-2550 was published for thorsten/phpmyfaq (Composer), May 5, 2023

Cross Site Scripting in OpenTSDB
High: CVE-2023-25827 was published for net.opentsdb:opentsdb (Maven), May 3, 2023

WWBN/AVideo stored XSS vulnerability leads to takeover of any user's account, including admin's account
High: CVE-2023-30860 was published for wwbn/avideo (Composer), May 1, 2023

Cross site scripting (XSS) in wwbn/avideo
High: GHSA-2fch-hv74-fgw9 was published for wwbn/avideo (Composer), Apr 26, 2023

HTML injection in search results via plaintext message highlighting
High: CVE-2023-30609 was published for matrix-react-sdk (npm), Apr 25, 2023

Possible XSS injection through Validate::isCleanHTML method
High: CVE-2023-30838 was published for prestashop/prestashop (Composer), Apr 25, 2023

sidekiq vulnerable to cross-site scripting
High: CVE-2023-1892 was published for sidekiq (RubyGems), Apr 21, 2023

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Pay
High: CVE-2023-30614 was published for pay (RubyGems), Apr 20, 2023

Apache Sling Engine vulnerable to cross-site scripting (XSS) that can lead to privilege escalation
High: CVE-2022-45064 was published for org.apache.sling:org.apache.sling.engine (Maven), Apr 13, 2023

Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro
High: CVE-2023-29207 was published for org.xwiki.platform:xwiki-platform-flamingo (Maven), Apr 12, 2023

org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Basic Cross-site Scripting
High: CVE-2023-29508 was published for org.xwiki.platform:xwiki-platform-livedata-macro (Maven), Apr 12, 2023

Jenkins Quay.io trigger Plugin Cross-site Scripting vulnerability
High: CVE-2023-30520 was published for org.jenkins-ci.plugins:quayio-trigger (Maven), Apr 12, 2023

thorsten/phpmyfaq vulnerable to DOM cross-site scripting (XSS) via configuration privacy note URL parameter
High: CVE-2023-1882 was published for thorsten/phpmyfaq (Composer), Apr 5, 2023

thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) in FAQ comment username parameter
High: CVE-2023-1758 was published for thorsten/phpmyfaq (Composer), Apr 5, 2023

thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via FAQ News link parameter
High: CVE-2023-1757 was published for thorsten/phpmyfaq (Composer), Apr 5, 2023

Microweber vulnerable to stored cross-site scripting (XSS) via X-Forwarded-For header
High: CVE-2023-1881 was published for microweber/microweber (Composer), Apr 5, 2023

thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via adminlog
High: CVE-2023-1878 was published for thorsten/phpmyfaq (Composer), Apr 5, 2023

thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via artlang parameter
High: CVE-2023-1880 was published for thorsten/phpmyfaq (Composer), Apr 5, 2023

markdown-pdf vulnerable to local file read via server side cross-site scripting (XSS)
High: CVE-2023-0835 was published for markdown-pdf (npm), Apr 5, 2023

Jenkins Mashup Portlets Plugin vulnerable to stored cross-site scripting
High: CVE-2023-28679 was published for javagh.jenkins:mashup-portlets-plugin (Maven), Apr 2, 2023

Jenkins Cppcheck Plugin vulnerable to stored cross-site scripting (XSS)
High: CVE-2023-28678 was published for org.jenkins-ci.plugins:cppcheck (Maven), Apr 2, 2023

Jenkins JaCoCo Plugin vulnerable to Stored Cross-site Scripting
High: CVE-2023-28669 was published for org.jenkins-ci.plugins:jacoco (Maven), Apr 2, 2023

Jenkins Pipeline Aggregator View Plugin vulnerable to Cross-site Scripting
High: CVE-2023-28670 was published for com.paul8620.jenkins.plugins:pipeline-aggregator-view (Maven), Apr 2, 2023
ProTip! Advisories are also available from the GraphQL API