GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
197 advisories
Filter by severity
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.1 and below that...
Moderate
Unreviewed
CVE-2024-25690
was published
Apr 4, 2024
A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042,...
Moderate
Unreviewed
CVE-2024-20362
was published
Apr 3, 2024
Cross Site Scripting vulnerability in Insurance Mangement System v.1.0.0 and before allows a...
Moderate
Unreviewed
CVE-2024-31062
was published
Mar 28, 2024
An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker...
High
Unreviewed
CVE-2023-40290
was published
Mar 27, 2024
phpMyFAQ Stored HTML Injection at contentLink
Moderate
CVE-2024-28108
was published
for
phpmyfaq/phpmyfaq
(Composer)
Mar 25, 2024
Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users...
Moderate
Unreviewed
CVE-2024-1606
was published
Mar 18, 2024
Webedition CMS 9.2.2.0 has a Stored XSS vulnerability via /webEdition/we_cmd.php.
Moderate
Unreviewed
CVE-2024-28417
was published
Mar 14, 2024
hexo-theme-anzhiyu Cross-site Scripting vulnerability
Moderate
CVE-2024-25865
was published
for
hexo-theme-anzhiyu
(npm)
Mar 3, 2024
Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field...
Moderate
Unreviewed
CVE-2024-25873
was published
Feb 22, 2024
Withdrawn Advisory: Kirby CMS HTML injection vulnerability
High
CVE-2024-26482
was published
for
getkirby/cms
(Composer)
Feb 22, 2024
•
withdrawn
XSS sidekiq-unique-jobs UI server vulnerability
High
CVE-2024-25122
was published
for
sidekiq-unique-jobs
(RubyGems)
Feb 13, 2024
Rancher API Server Cross-site Scripting Vulnerability
High
CVE-2023-32192
was published
for
github.com/rancher/apiserver
(Go)
Feb 8, 2024
Norman API Cross-site Scripting Vulnerability
High
CVE-2023-32193
was published
for
github.com/rancher/norman
(Go)
Feb 8, 2024
Sulu HTML Injection via Autocomplete Suggestion
Low
CVE-2024-24807
was published
for
sulu/sulu
(Composer)
Feb 5, 2024
phpMyFAQ vulnerable to stored XSS on attachments filename
Moderate
CVE-2024-24574
was published
for
phpmyfaq/phpmyfaq
(Composer)
Feb 5, 2024
Statmic CMS vulnerable to account takeover via XSS and password reset link
High
CVE-2024-24570
was published
for
statamic/cms
(Composer)
Feb 1, 2024
@apollo/experimental-nextjs-app-support Cross-site Scripting vulnerability
High
CVE-2024-23841
was published
for
@apollo/experimental-nextjs-app-support
(npm)
Jan 30, 2024
An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16...
Moderate
Unreviewed
CVE-2023-5933
was published
Jan 26, 2024
A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow...
Moderate
Unreviewed
CVE-2023-20257
was published
Jan 17, 2024
A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified...
Low
Unreviewed
CVE-2024-0183
was published
Jan 2, 2024
XWiki Platform vulnerable to reflected cross-site scripting through revision parameter in content menu
Critical
CVE-2023-46732
was published
for
org.xwiki.platform:xwiki-platform-flamingo-skin-resources
(Maven)
Nov 8, 2023
A vulnerability, which was classified as problematic, has been found in ZZZCMS 2.2.0. This issue...
Moderate
Unreviewed
CVE-2023-5582
was published
Oct 14, 2023
A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of...
Moderate
Unreviewed
CVE-2023-34354
was published
Oct 11, 2023
An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet...
Moderate
Unreviewed
CVE-2023-36555
was published
Oct 10, 2023
An HTML injection flaw was found in Controller in the user interface settings. This flaw allows...
Moderate
Unreviewed
CVE-2023-3971
was published
Oct 4, 2023
ProTip!
Advisories are also available from the
GraphQL API