Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

21 advisories

Loading
Cross Site Scripting vulnerability in django-jsonform's admin form. High
GHSA-x9jp-4w8m-4f3c was published for django-jsonform (pip) Jun 10, 2022
XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form High
CVE-2022-36097 was published for org.xwiki.platform:xwiki-platform-attachment-ui (Maven) Sep 16, 2022
XWiki Platform Web Parent POM vulnerable to XSS in the attachment history High
CVE-2022-36094 was published for org.xwiki.platform:xwiki-platform-web (Maven) Sep 16, 2022
XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list High
CVE-2022-36096 was published for org.xwiki.platform:xwiki-platform-index-ui (Maven) Sep 16, 2022
Cross-site Scripting in the Flamingo theme manager High
CVE-2022-29251 was published for org.xwiki.platform:xwiki-platform-flamingo-theme-ui (Maven) May 25, 2022
Cross-site scripting (XSS) from field and configuration text displayed in the Panel High
CVE-2021-32735 was published for getkirby/cms (Composer) Jul 2, 2021
hdodov tdunlap607
org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Basic Cross-site Scripting High
CVE-2023-29508 was published for org.xwiki.platform:xwiki-platform-livedata-macro (Maven) Apr 12, 2023
XSS/Script injection vulnerability in matestack High
CVE-2020-5241 was published for matestack-ui-core (RubyGems) Feb 12, 2020
PragTob tdunlap607
XWiki Platform vulnerable to reflected cross-site scripting via delattachment action High
CVE-2023-35157 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 22, 2023
@apollo/experimental-nextjs-app-support Cross-site Scripting vulnerability High
CVE-2024-23841 was published for @apollo/experimental-nextjs-app-support (npm) Jan 30, 2024
phryneas IkeMurami
peakematt
Statmic CMS vulnerable to account takeover via XSS and password reset link High
CVE-2024-24570 was published for statamic/cms (Composer) Feb 1, 2024
sec-consult
XSS sidekiq-unique-jobs UI server vulnerability High
CVE-2024-25122 was published for sidekiq-unique-jobs (RubyGems) Feb 13, 2024
pboling Earlopain
Dolibarr Application Home Page has HTML injection vulnerability High
CVE-2024-23817 was published for dolibarr/dolibarr (Composer) Apr 18, 2024
saimanikanta1992
ghtml Cross-Site Scripting (XSS) vulnerability High
CVE-2024-37166 was published for ghtml (npm) Jun 10, 2024
lirantal
Sentry vulnerable to stored Cross-Site Scripting (XSS) High
CVE-2024-41656 was published for sentry (pip) Jul 23, 2024
stsewd
Withdrawn Advisory: Kirby CMS HTML injection vulnerability High
CVE-2024-26482 was published for getkirby/cms (Composer) Feb 22, 2024 withdrawn
Mautic vulnerable to stored cross-site scripting in description field High
CVE-2021-27915 was published for mautic/core (Composer) Apr 11, 2024
Special Element Injection in notebook High
CVE-2021-32798 was published for notebook (pip) Aug 23, 2021
0xDeva
Rancher API Server Cross-site Scripting Vulnerability High
CVE-2023-32192 was published for github.com/rancher/apiserver (Go) Feb 8, 2024
diego95root kujalamathias
Norman API Cross-site Scripting Vulnerability High
CVE-2023-32193 was published for github.com/rancher/norman (Go) Feb 8, 2024
diego95root kujalamathias
XBlock vulnerable to Cross-Site Scripting (XSS) High
CVE-2022-46147 was published for xblock-drag-and-drop-v2 (pip) Dec 2, 2022
ProTip! Advisories are also available from the GraphQL API