GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
174 advisories
XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters
Critical
CVE-2023-35153
was published
for
org.xwiki.platform:xwiki-platform-appwithinminutes-ui
(Maven)
Jun 20, 2023
LeafKit allows XSS with untrusted user input
Moderate
CVE-2021-37634
was published
for
github.com/vapor/leaf-kit
(Swift)
Jun 9, 2023
Craft CMS stored XSS in indexedVolumes
Moderate
CVE-2023-33197
was published
for
craftcms/cms
(Composer)
May 26, 2023
Craft CMS stored XSS in review volume
Moderate
CVE-2023-33196
was published
for
craftcms/cms
(Composer)
May 26, 2023
CraftCMS stored XSS in Quick Post widget error message
Low
CVE-2023-33194
was published
for
craftcms/cms
(Composer)
May 26, 2023
govuk_tech_docs vulnerable to unescaped HTML on search results page
Low
CVE-2024-22048
was published
for
govuk_tech_docs
(RubyGems)
Apr 11, 2023
teler-waf subject to Bypass of Common Web Attack Threat Rule with HTML Entities Payload
Moderate
CVE-2023-26046
was published
for
github.com/kitabisa/teler-waf
(Go)
Mar 1, 2023
Stored Cross-Site Scripting (XSS) in Keycloak via groups dropdown
Moderate
GHSA-755v-r4x4-qf7m
was published
for
org.keycloak:keycloak-core
(Maven)
Nov 29, 2022
Twisted vulnerable to NameVirtualHost Host header injection
Moderate
CVE-2022-39348
was published
for
twisted
(pip)
Oct 26, 2022
ProTip!
Advisories are also available from the
GraphQL API