Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

278 advisories

Loading
DOM-based XSS in src/muya/lib/contentState/pasteCtrl.js in MarkText 0.17.1 and before on Windows,... Critical Unreviewed
CVE-2023-2318 was published Aug 19, 2023
DOM-based XSS in updater/update.html in Typora before 1.6.7 on Windows and Linux allows a crafted... Critical Unreviewed
CVE-2023-2317 was published Aug 19, 2023
IBM Security Guardium Data Encryption (IBM Guardium Cloud Key Manager (GCKM) 1.10.3)) could allow... Critical Unreviewed
CVE-2023-26270 was published Aug 28, 2023
A cross-site scripting (XSS) vulnerability in FileBrowser before v2.23.0 allows an authenticated... Critical Unreviewed
CVE-2023-39612 was published Sep 16, 2023
Cross Site Scripting vulnerability in Dolibarr ERP CRM Critical
CVE-2023-38888 was published for dolibarr/dolibarr (Composer) Sep 20, 2023
Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scripting. A malicious... Critical Unreviewed
CVE-2023-0829 was published Sep 20, 2023
Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or... Critical Unreviewed
CVE-2023-0625 was published Sep 25, 2023
The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable... Critical Unreviewed
CVE-2023-26218 was published Sep 29, 2023
phpMyFAQ Cross-site Scripting vulnerability Critical
CVE-2023-5316 was published for thorsten/phpmyfaq (Composer) Sep 30, 2023
phpMyFAQ Cross-site Scripting vulnerability Critical
CVE-2023-5320 was published for thorsten/phpmyfaq (Composer) Sep 30, 2023
A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application... Critical Unreviewed
CVE-2023-35796 was published Oct 10, 2023
XWiki Change Request Application UI XSS and remote code execution through change request title Critical
CVE-2023-45138 was published for org.xwiki.contrib.changerequest:application-changerequest-ui (Maven) Oct 17, 2023
michitux
XWiki Identity Oauth Privilege escalation (PR)/remote code execution from login screen through unescaped URL parameter Critical
CVE-2023-45144 was published for com.xwiki.identity-oauth:identity-oauth-ui (Maven) Oct 17, 2023
lucaswitvoet
Interway a.s WebJET CMS 8.6.896 is vulnerable to Cross Site Scripting (XSS). Critical Unreviewed
CVE-2022-37830 was published Oct 19, 2023
modoboa Cross-site Scripting vulnerability Critical
CVE-2023-5688 was published for modoboa (pip) Oct 20, 2023
org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability Critical
CVE-2023-37908 was published for org.xwiki.rendering:xwiki-rendering-xml (Maven) Oct 25, 2023
XWiki Platform XSS vulnerability from account in the create page form via template provider Critical
CVE-2023-45134 was published for org.xwiki.platform:xwiki-platform-web (Maven) Oct 25, 2023
XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled Critical
CVE-2023-45136 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Oct 25, 2023
XWiki Platform vulnerable to XSS with edit right in the create document form for existing pages Critical
CVE-2023-45137 was published for org.xwiki.platform:xwiki-platform-web (Maven) Oct 25, 2023
ILIAS 7.25 (2023-09-12) allows any authenticated user to execute arbitrary operating system... Critical Unreviewed
CVE-2023-45869 was published Oct 26, 2023
Cross-site scripting (XSS) vulnerability in Invoice Edit Page in Bitrix24 22.0.300 allows... Critical Unreviewed
CVE-2023-1716 was published Nov 1, 2023
A logic error when using mb_strpos() to check for potential XSS payload in Bitrix24 22.0.300... Critical Unreviewed
CVE-2023-1715 was published Nov 1, 2023
XWiki Platform vulnerable to reflected cross-site scripting through revision parameter in content menu Critical
CVE-2023-46732 was published for org.xwiki.platform:xwiki-platform-flamingo-skin-resources (Maven) Nov 8, 2023
H2O is vulnerable to stored XSS vulnerability which can lead to a Local File Include attack. Critical Unreviewed
CVE-2023-6013 was published Nov 16, 2023
Liferay Portal XSS with `p_l_back_url_title` on edit content page Critical
CVE-2023-47797 was published for com.liferay.portal:release.portal.bom (Maven) Nov 17, 2023
ProTip! Advisories are also available from the GraphQL API