GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
15 advisories
Reflected XSS when importing CSV in OctoberCMS
Moderate. CVE-2020-5298 was published for october/backend (Composer) on Jun 3, 2020.
JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form>
Moderate. CVE-2021-32797 was published for jupyterlab (pip) on Aug 23, 2021.
Apache Tiles Vulnerable to XSS via EL Expression Injection
Moderate. CVE-2009-1275 was published for org.apache.tiles:tiles-core (Maven) on May 2, 2022.
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE)...
Moderate, Unreviewed. CVE-2022-20963 was published on Nov 4, 2022.
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in delete template
Critical. CVE-2023-35156 was published for org.xwiki.platform:xwiki-platform-flamingo-skin-resources (Maven) on Jun 22, 2023.
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in restore template
Critical. CVE-2023-35158 was published for org.xwiki.platform:xwiki-platform-flamingo-skin-resources (Maven) on Jun 22, 2023.
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template
Critical. CVE-2023-35159 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) on Jun 22, 2023.
XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template
Critical. CVE-2023-35160 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) on Jun 22, 2023.
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in DeleteApplication page
Critical. CVE-2023-35161 was published for org.xwiki.platform:xwiki-platform-appwithinminutes-ui (Maven) on Jun 22, 2023.
A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart...
Moderate, Unreviewed. CVE-2023-20188 was published on Jun 28, 2023.
pimcore/customer-management-framework-bundle Cross-site Scripting vulnerability in Segment name
Moderate. CVE-2023-4145 was published for pimcore/customer-management-framework-bundle (Composer) on Aug 3, 2023.
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated,...
Moderate, Unreviewed. CVE-2023-20208 was published on Nov 21, 2023.
The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
Moderate, Unreviewed. CVE-2024-3162 was published on Apr 3, 2024.
Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags
High. CVE-2024-32463 was published for phlex (RubyGems) on Apr 17, 2024.
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross...
Moderate, Unreviewed. CVE-2024-8505 was published on Oct 2, 2024.