GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
115 advisories
Filter by severity
Hashicorp Consul Cross-site Scripting vulnerability
Moderate
CVE-2024-10086
was published
for
github.com/hashicorp/consul
(Go)
Oct 31, 2024
Alist reflected Cross-Site Scripting vulnerability
Moderate
CVE-2024-47067
was published
for
github.com/alist-org/alist/v3
(Go)
Oct 10, 2024
Gouniverse GoLang CMS vulnerable to Cross-site Scripting
Moderate
CVE-2024-8572
was published
for
github.com/gouniverse/cms
(Go)
Sep 8, 2024
Casdoor has reflected XSS in QrCodePage.js (GHSL-2024-036)
Moderate
CVE-2024-41658
was published
for
github.com/casdoor/casdoor
(Go)
Aug 22, 2024
gotortc Cross-site Scripting vulnerability
Moderate
CVE-2024-29193
was published
for
github.com/AlexxIT/go2rtc
(Go)
Aug 5, 2024
gotortc Cross-site Scripting vulnerability
Moderate
CVE-2024-29191
was published
for
github.com/AlexxIT/go2rtc
(Go)
Aug 5, 2024
memos vulnerable to Server-Side Request Forgery and Cross-site Scripting
Moderate
CVE-2024-29029
was published
for
github.com/usememos/memos
(Go)
Aug 5, 2024
ZITADEL has improper HTML sanitization in emails and Console UI
Moderate
CVE-2024-41953
was published
for
github.com/zitadel/zitadel
(Go)
Jul 31, 2024
Denial of service via malicious preflight requests in github.com/rs/cors
Moderate
GHSA-mh55-gqvf-xfwm
was published
for
github.com/rs/cors
(Go)
Jul 5, 2024
Grafana Spoofing originalUrl of snapshots
Moderate
CVE-2022-39324
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana proxy Cross-site Scripting
Moderate
CVE-2022-21702
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Hugo Markdown titles do not escaped in internal render hooks
Moderate
CVE-2024-32875
was published
for
github.com/gohugoio/hugo
(Go)
Apr 23, 2024
Apache Answer: XSS vulnerability when changing personal website
Moderate
CVE-2024-29217
was published
for
github.com/apache/incubator-answer
(Go)
Apr 21, 2024
tiagorlampert CHAOS vulnerable to Cross Site Scripting
Moderate
CVE-2024-31839
was published
for
github.com/tiagorlampert/CHAOS
(Go)
Apr 12, 2024
Temporal UI Server cross-site scripting vulnerability
Moderate
CVE-2024-2435
was published
for
github.com/temporalio/ui-server/v2
(Go)
Apr 2, 2024
CA17 TeamsACS Cross Site Scripting vulnerability
Moderate
CVE-2024-22780
was published
for
github.com/ca17/teamsacs
(Go)
Apr 2, 2024
Apache Answer Cross-site Scripting vulnerability
Moderate
CVE-2024-23349
was published
for
github.com/apache/incubator-answer
(Go)
Feb 22, 2024
Cross-site Scripting in github.com/greenpau/caddy-security
Moderate
CVE-2024-21496
was published
for
github.com/greenpau/caddy-security
(Go)
Feb 17, 2024
caddy-security plugin for Caddy vulnerable to reflected Cross-site Scripting
Moderate
CVE-2023-52430
was published
for
github.com/greenpau/caddy-security
(Go)
Feb 13, 2024
Grafana Cross-site Scripting (XSS)
Moderate
CVE-2018-12099
was published
for
github.com/grafana/grafana
(Go)
Jan 31, 2024
Grafana XSS via adding a link in General feature
Moderate
CVE-2018-18625
was published
for
github.com/grafana/grafana
(Go)
Jan 30, 2024
Grafana XSS in Dashboard Text Panel
Moderate
CVE-2018-18623
was published
for
github.com/grafana/grafana
(Go)
Jan 30, 2024
Withdrawn Advisory: Prometheus XSS Vulnerability
Moderate
CVE-2019-3826
was published
for
github.com/prometheus/prometheus
(Go)
Dec 13, 2023
•
withdrawn
matrix-media-repo: Unsafe media served inline on download endpoints
Moderate
CVE-2023-41318
was published
for
github.com/turt2live/matrix-media-repo
(Go)
Sep 8, 2023
Alertmanager UI is vulnerable to stored XSS via the /api/v1/alerts endpoint
Moderate
CVE-2023-40577
was published
for
github.com/prometheus/alertmanager
(Go)
Aug 23, 2023
ProTip!
Advisories are also available from the
GraphQL API