GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
110 advisories
Filter by severity
Improper Neutralization of Script in Attributes in XWiki (X)HTML renderers
Critical
CVE-2023-32070
was published
for
org.xwiki.platform:xwiki-core-rendering-api
(Maven)
May 11, 2023
Improper Neutralization of Invalid Characters in Data Attribute Names in org.xwiki.commons:xwiki-commons-xml
Critical
CVE-2023-31126
was published
for
org.xwiki.commons:xwiki-commons-xml
(Maven)
May 9, 2023
XWiki Platform vulnerable to RXSS via editor parameter - importinline template
Critical
CVE-2023-32071
was published
for
org.xwiki.platform:xwiki-platform-distribution-war
(Maven)
May 9, 2023
Duplicate Advisory: AVideo contains Command injection when embedding a video link
Critical
GHSA-wj6r-53f5-q789
was published
for
wwbn/avideo
(Composer)
Apr 25, 2023
•
withdrawn
Cross-site Scripting in org.xwiki.commons:xwiki-commons-xml
Critical
CVE-2023-29528
was published
for
org.xwiki.commons:xwiki-commons-xml
(Maven)
Apr 20, 2023
org.xwiki.platform:xwiki-platform-skin-skinx vulnerable to basic Cross-site Scripting by exploiting JSX or SSX plugins
Critical
CVE-2023-29206
was published
for
org.xwiki.platform:xwiki-platform-skin-skinx
(Maven)
Apr 12, 2023
org.xwiki.platform:xwiki-platform-rendering-xwiki vulnerable to stored cross-site scripting via HTML and raw macro
Critical
CVE-2023-29205
was published
for
org.xwiki.platform:xwiki-platform-rendering-xwiki
(Maven)
Apr 12, 2023
org.xwiki.platform:xwiki-platform-rendering-macro-rss Cross-site Scripting vulnerability
Critical
CVE-2023-29202
was published
for
org.xwiki.platform:xwiki-core-rendering-macro-rss
(Maven)
Apr 12, 2023
org.xwiki.commons:xwiki-commons-xml Cross-site Scripting vulnerability
Critical
CVE-2023-29201
was published
for
org.xwiki.commons:xwiki-commons-xml
(Maven)
Apr 12, 2023
Cross-site Scripting in kimai/kimai
Critical
CVE-2020-19825
was published
for
kimai/kimai
(Composer)
Feb 16, 2023
Answer has Cross-site Scripting vulnerability
Critical
CVE-2023-0741
was published
for
github.com/answerdev/answer
(Go)
Feb 8, 2023
Answer subject to Cross-site Scripting vulnerability
Critical
CVE-2023-0743
was published
for
github.com/answerdev/answer
(Go)
Feb 8, 2023
Answer contains Cross-site Scripting vulnerability
Critical
CVE-2023-0742
was published
for
github.com/answerdev/answer
(Go)
Feb 8, 2023
Cross-site scripting vulnerability found in answerdev/answer
Critical
CVE-2023-0740
was published
for
github.com/answerdev/answer
(Go)
Feb 8, 2023
tinymighty WikiSEO is vulnerable to cross-site scripting via modifyHTML function
Critical
CVE-2015-10073
was published
for
tinymighty/wiki-seo
(Composer)
Feb 6, 2023
AVideo contains Command injection when embedding a video link
Critical
CVE-2023-25313
was published
for
wwbn/avideo
(Composer)
Feb 2, 2023
usememos/memos vulnerable to Cross-site Scripting
Critical
CVE-2022-4866
was published
for
github.com/usememos/memos
(Go)
Dec 31, 2022
usememos/memos Cross-site Scripting vulnerability
Critical
CVE-2022-4865
was published
for
github.com/usememos/memos
(Go)
Dec 31, 2022
PyroCMS vulnerable to stored Cross Site Scripting
Critical
CVE-2022-37721
was published
for
pyrocms/pyrocms
(Composer)
Nov 25, 2022
Cross site scripting vulnerability with discussion titles
Critical
CVE-2022-41938
was published
for
flarum/core
(Composer)
Nov 21, 2022
ezplatform-admin-ui vulnerable to Cross-Site Scripting (XSS)
Critical
GHSA-58h5-h554-429q
was published
for
ezsystems/ezplatform-admin-ui
(Composer)
Nov 10, 2022
Gogs vulnerable to Cross-site Scripting
Critical
CVE-2022-32174
was published
for
gogs.io/gogs
(Go)
Oct 11, 2022
Valine code injection vulnerability
Critical
CVE-2022-38545
was published
for
valine
(npm)
Sep 20, 2022
XWiki Platform Mentions UI vulnerable to Cross-site Scripting
Critical
CVE-2022-36098
was published
for
org.xwiki.platform:xwiki-platform-mentions-ui
(Maven)
Sep 16, 2022
Joplin is vulnerable to arbitrary code execution
Critical
CVE-2022-35131
was published
for
joplin
(npm)
Jul 26, 2022
ProTip!
Advisories are also available from the
GraphQL API