GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
197 advisories
Filter by severity
A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly...
Moderate
Unreviewed
CVE-2023-20179
was published
Sep 27, 2023
plone.restapi vulnerable to Stored Cross Site Scripting with SVG image in user portrait
Low
GHSA-hc5c-r8m5-2gfh
was published
for
plone.restapi
(pip)
Sep 21, 2023
plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images
Low
CVE-2023-41048
was published
for
plone.namedfile
(pip)
Sep 21, 2023
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate
Unreviewed
CVE-2023-4663
was published
Sep 15, 2023
The Ninja Forms WordPress Ninja Forms Contact Form WordPress plugin before 3.6.26 was affected by...
Moderate
Unreviewed
CVE-2023-4109
was published
Aug 30, 2023
A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco...
Moderate
Unreviewed
CVE-2023-20222
was published
Aug 17, 2023
A vulnerability in the web-based management interface of Cisco Integrated Management Controller ...
Moderate
Unreviewed
CVE-2023-20228
was published
Aug 16, 2023
The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled...
Moderate
Unreviewed
CVE-2022-4953
was published
Aug 14, 2023
Critters Cross-site Scripting Vulnerability
Moderate
CVE-2023-3481
was published
for
critters
(npm)
Aug 11, 2023
Improper input validation in Zoom SDK’s before 5.14.10 may allow an unauthenticated user to...
High
Unreviewed
CVE-2023-39217
was published
Aug 8, 2023
Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an...
Critical
Unreviewed
CVE-2023-39216
was published
Aug 8, 2023
A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP...
Moderate
Unreviewed
CVE-2023-20181
was published
Aug 4, 2023
A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone...
Moderate
Unreviewed
CVE-2023-20218
was published
Aug 4, 2023
Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30.
Moderate
Unreviewed
CVE-2023-23548
was published
Aug 1, 2023
matrix-react-sdk vulnerable to XSS in Export Chat feature
Moderate
CVE-2023-37259
was published
for
matrix-react-sdk
(npm)
Jul 18, 2023
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama...
Moderate
Unreviewed
CVE-2023-0007
was published
Jul 6, 2023
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that...
Moderate
Unreviewed
CVE-2023-25833
was published
Jul 6, 2023
The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter...
Moderate
Unreviewed
CVE-2023-1384
was published
Jul 6, 2023
There is a reflected HTML injection vulnerability in Esri Portal for ArcGIS versions 10.9.1 and...
Moderate
Unreviewed
CVE-2022-38210
was published
Jul 6, 2023
Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device...
Moderate
Unreviewed
CVE-2023-24497
was published
Jul 6, 2023
Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device...
Moderate
Unreviewed
CVE-2023-24496
was published
Jul 6, 2023
XWiki Platform vulnerable to reflected cross-site scripting via delattachment action
High
CVE-2023-35157
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Jun 22, 2023
XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters
Critical
CVE-2023-35153
was published
for
org.xwiki.platform:xwiki-platform-appwithinminutes-ui
(Maven)
Jun 20, 2023
LeafKit allows XSS with untrusted user input
Moderate
CVE-2021-37634
was published
for
github.com/vapor/leaf-kit
(Swift)
Jun 9, 2023
The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and...
Moderate
Unreviewed
CVE-2019-25144
was published
Jun 7, 2023
ProTip!
Advisories are also available from the
GraphQL API