Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,383
Erlang
33
GitHub Actions
22
Go
2,140
Maven
5,000+
npm
3,800
NuGet
687
pip
3,478
Pub
12
RubyGems
897
Rust
898
Swift
38
Unreviewed advisories
All unreviewed
5,000+

167 advisories

Loading
Mautic vulnerable to cross-site scripting in notifications via saving Dashboards Moderate
CVE-2022-25774 was published for mautic/core (Composer) Apr 12, 2024
Vautia
Stored XSS in graph rendering in Checkmk <2.3.0b4. Moderate Unreviewed
CVE-2024-2380 was published Apr 5, 2024
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.1 and below that... Moderate Unreviewed
CVE-2024-25690 was published Apr 4, 2024
A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042,... Moderate Unreviewed
CVE-2024-20362 was published Apr 3, 2024
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a... Moderate Unreviewed
CVE-2024-31062 was published Mar 28, 2024
phpMyFAQ Stored HTML Injection at contentLink Moderate
CVE-2024-28108 was published for phpmyfaq/phpmyfaq (Composer) Mar 25, 2024
kevinnivekkevin
Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users... Moderate Unreviewed
CVE-2024-1606 was published Mar 18, 2024
Webedition CMS 9.2.2.0 has a Stored XSS vulnerability via /webEdition/we_cmd.php. Moderate Unreviewed
CVE-2024-28417 was published Mar 14, 2024
hexo-theme-anzhiyu Cross-site Scripting vulnerability Moderate
CVE-2024-25865 was published for hexo-theme-anzhiyu (npm) Mar 3, 2024
Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field... Moderate Unreviewed
CVE-2024-25873 was published Feb 22, 2024
phpMyFAQ vulnerable to stored XSS on attachments filename Moderate
CVE-2024-24574 was published for phpmyfaq/phpmyfaq (Composer) Feb 5, 2024
nikkoenggaliano
An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16... Moderate Unreviewed
CVE-2023-5933 was published Jan 26, 2024
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow... Moderate Unreviewed
CVE-2023-20257 was published Jan 17, 2024
A vulnerability, which was classified as problematic, has been found in ZZZCMS 2.2.0. This issue... Moderate Unreviewed
CVE-2023-5582 was published Oct 14, 2023
A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of... Moderate Unreviewed
CVE-2023-34354 was published Oct 11, 2023
An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet... Moderate Unreviewed
CVE-2023-36555 was published Oct 10, 2023
An HTML injection flaw was found in Controller in the user interface settings. This flaw allows... Moderate Unreviewed
CVE-2023-3971 was published Oct 4, 2023
A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly... Moderate Unreviewed
CVE-2023-20179 was published Sep 27, 2023
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Moderate Unreviewed
CVE-2023-4663 was published Sep 15, 2023
The Ninja Forms WordPress Ninja Forms Contact Form WordPress plugin before 3.6.26 was affected by... Moderate Unreviewed
CVE-2023-4109 was published Aug 30, 2023
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco... Moderate Unreviewed
CVE-2023-20222 was published Aug 17, 2023
A vulnerability in the web-based management interface of Cisco Integrated Management Controller ... Moderate Unreviewed
CVE-2023-20228 was published Aug 16, 2023
The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled... Moderate Unreviewed
CVE-2022-4953 was published Aug 14, 2023
Critters Cross-site Scripting Vulnerability Moderate
CVE-2023-3481 was published for critters (npm) Aug 11, 2023
A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP... Moderate Unreviewed
CVE-2023-20181 was published Aug 4, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database