Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,001
Maven
5,000+
npm
3,711
NuGet
661
pip
3,384
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

196 advisories

Loading
A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly... Moderate Unreviewed
CVE-2023-20179 was published Sep 27, 2023
plone.restapi vulnerable to Stored Cross Site Scripting with SVG image in user portrait Low
GHSA-hc5c-r8m5-2gfh was published for plone.restapi (pip) Sep 21, 2023
plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images Low
CVE-2023-41048 was published for plone.namedfile (pip) Sep 21, 2023
msegoviag
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2023-4663 was published Sep 15, 2023
The Ninja Forms WordPress Ninja Forms Contact Form WordPress plugin before 3.6.26 was affected by... Moderate Unreviewed
CVE-2023-4109 was published Aug 30, 2023
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco... Moderate Unreviewed
CVE-2023-20222 was published Aug 17, 2023
A vulnerability in the web-based management interface of Cisco Integrated Management Controller ... Moderate Unreviewed
CVE-2023-20228 was published Aug 16, 2023
The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled... Moderate Unreviewed
CVE-2022-4953 was published Aug 14, 2023
Critters Cross-site Scripting Vulnerability Moderate
CVE-2023-3481 was published for critters (npm) Aug 11, 2023
Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an... Critical Unreviewed
CVE-2023-39216 was published Aug 8, 2023
Improper input validation in Zoom SDK’s before 5.14.10 may allow an unauthenticated user to... High Unreviewed
CVE-2023-39217 was published Aug 8, 2023
A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP... Moderate Unreviewed
CVE-2023-20181 was published Aug 4, 2023
A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone... Moderate Unreviewed
CVE-2023-20218 was published Aug 4, 2023
Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30. Moderate Unreviewed
CVE-2023-23548 was published Aug 1, 2023
matrix-react-sdk vulnerable to XSS in Export Chat feature Moderate
CVE-2023-37259 was published for matrix-react-sdk (npm) Jul 18, 2023
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama... Moderate Unreviewed
CVE-2023-0007 was published Jul 6, 2023
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that... Moderate Unreviewed
CVE-2023-25833 was published Jul 6, 2023
The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter... Moderate Unreviewed
CVE-2023-1384 was published Jul 6, 2023
There is a reflected HTML injection vulnerability in Esri Portal for ArcGIS versions 10.9.1 and... Moderate Unreviewed
CVE-2022-38210 was published Jul 6, 2023
Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device... Moderate Unreviewed
CVE-2023-24497 was published Jul 6, 2023
Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device... Moderate Unreviewed
CVE-2023-24496 was published Jul 6, 2023
XWiki Platform vulnerable to reflected cross-site scripting via delattachment action High
CVE-2023-35157 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 22, 2023
XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters Critical
CVE-2023-35153 was published for org.xwiki.platform:xwiki-platform-appwithinminutes-ui (Maven) Jun 20, 2023
renniepak
LeafKit allows XSS with untrusted user input Moderate
CVE-2021-37634 was published for github.com/vapor/leaf-kit (Swift) Jun 9, 2023
alextrob
The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and... Moderate Unreviewed
CVE-2019-25144 was published Jun 7, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database