GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
278 advisories
DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows,...
Critical | Unreviewed | CVE-2023-2318 was published Aug 19, 2023

DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted...
Critical | Unreviewed | CVE-2023-2317 was published Aug 19, 2023

IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow...
Critical | Unreviewed | CVE-2023-26270 was published Aug 28, 2023

A cross-site scripting (XSS) vulnerability in FileBrowser before v2.23.0 allows an authenticated...
Critical | Unreviewed | CVE-2023-39612 was published Sep 16, 2023

Cross Site Scripting vulnerability in Dolibarr ERP CRM
Critical | CVE-2023-38888 was published for dolibarr/dolibarr (Composer) Sep 20, 2023

Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scripting. A malicious...
Critical | Unreviewed | CVE-2023-0829 was published Sep 20, 2023

Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or...
Critical | Unreviewed | CVE-2023-0625 was published Sep 25, 2023

The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable...
Critical | Unreviewed | CVE-2023-26218 was published Sep 29, 2023

phpMyFAQ Cross-site Scripting vulnerability
Critical | CVE-2023-5316 was published for thorsten/phpmyfaq (Composer) Sep 30, 2023

phpMyFAQ Cross-site Scripting vulnerability
Critical | CVE-2023-5320 was published for thorsten/phpmyfaq (Composer) Sep 30, 2023

A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application...
Critical | Unreviewed | CVE-2023-35796 was published Oct 10, 2023

XWiki Change Request Application UI XSS and remote code execution through change request title
Critical | CVE-2023-45138 was published for org.xwiki.contrib.changerequest:application-changerequest-ui (Maven) Oct 17, 2023

XWiki Identity Oauth Privilege escalation (PR)/remote code execution from login screen through unescaped URL parameter
Critical | CVE-2023-45144 was published for com.xwiki.identity-oauth:identity-oauth-ui (Maven) Oct 17, 2023

Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site Scripting (XSS).
Critical | Unreviewed | CVE-2022-37830 was published Oct 19, 2023

modoboa Cross-site Scripting vulnerability
Critical | CVE-2023-5688 was published for modoboa (pip) Oct 20, 2023

org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability
Critical | CVE-2023-37908 was published for org.xwiki.rendering:xwiki-rendering-xml (Maven) Oct 25, 2023

XWiki Platform XSS vulnerability from account in the create page form via template provider
Critical | CVE-2023-45134 was published for org.xwiki.platform:xwiki-platform-web (Maven) Oct 25, 2023

XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled
Critical | CVE-2023-45136 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Oct 25, 2023

XWiki Platform vulnerable to XSS with edit right in the create document form for existing pages
Critical | CVE-2023-45137 was published for org.xwiki.platform:xwiki-platform-web (Maven) Oct 25, 2023

ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system...
Critical | Unreviewed | CVE-2023-45869 was published Oct 26, 2023

Cross-site scripting (XSS) vulnerability in Invoice Edit Page in Bitrix24 22.0.300 allows...
Critical | Unreviewed | CVE-2023-1716 was published Nov 1, 2023

A logic error when using mb_strpos() to check for potential XSS payload in Bitrix24 22.0.300...
Critical | Unreviewed | CVE-2023-1715 was published Nov 1, 2023

XWiki Platform vulnerable to reflected cross-site scripting through revision parameter in content menu
Critical | CVE-2023-46732 was published for org.xwiki.platform:xwiki-platform-flamingo-skin-resources (Maven) Nov 8, 2023

H2O is vulnerable to stored XSS vulnerability which can lead to a Local File Include attack.
Critical | Unreviewed | CVE-2023-6013 was published Nov 16, 2023

Liferay Portal XSS with `p_l_back_url_title` on edit content page
Critical | CVE-2023-47797 was published for com.liferay.portal:release.portal.bom (Maven) Nov 17, 2023
ProTip! Advisories are also available from the GraphQL API.