GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
184 advisories

Norman API Cross-site Scripting Vulnerability
High. CVE-2023-32193 was published for github.com/rancher/norman (Go), Feb 8, 2024.

Sulu HTML Injection via Autocomplete Suggestion
Low. CVE-2024-24807 was published for sulu/sulu (Composer), Feb 5, 2024.

phpMyFAQ vulnerable to stored XSS on attachments filename
Moderate. CVE-2024-24574 was published for phpmyfaq/phpmyfaq (Composer), Feb 5, 2024.

Statamic CMS vulnerable to account takeover via XSS and password reset link
High. CVE-2024-24570 was published for statamic/cms (Composer), Feb 1, 2024.

@apollo/experimental-nextjs-app-support Cross-site Scripting vulnerability
High. CVE-2024-23841 was published for @apollo/experimental-nextjs-app-support (npm), Jan 30, 2024.

An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16...
Moderate, Unreviewed. CVE-2023-5933 was published Jan 26, 2024.

A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow...
Moderate, Unreviewed. CVE-2023-20257 was published Jan 17, 2024.

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified...
Low, Unreviewed. CVE-2024-0183 was published Jan 2, 2024.

XWiki Platform vulnerable to reflected cross-site scripting through revision parameter in content menu
Critical. CVE-2023-46732 was published for org.xwiki.platform:xwiki-platform-flamingo-skin-resources (Maven), Nov 8, 2023.

A vulnerability, which was classified as problematic, has been found in ZZZCMS 2.2.0. This issue...
Moderate, Unreviewed. CVE-2023-5582 was published Oct 14, 2023.

A stored cross-site scripting (XSS) vulnerability exists in the upload_brand.cgi functionality of...
Moderate, Unreviewed. CVE-2023-34354 was published Oct 11, 2023.

An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet...
Moderate, Unreviewed. CVE-2023-36555 was published Oct 10, 2023.

An HTML injection flaw was found in Controller in the user interface settings. This flaw allows...
Moderate, Unreviewed. CVE-2023-3971 was published Oct 4, 2023.

A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly...
Moderate, Unreviewed. CVE-2023-20179 was published Sep 27, 2023.

plone.restapi vulnerable to Stored Cross Site Scripting with SVG image in user portrait
Low. GHSA-hc5c-r8m5-2gfh was published for plone.restapi (pip), Sep 21, 2023.

plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images
Low. CVE-2023-41048 was published for plone.namedfile (pip), Sep 21, 2023.

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Moderate, Unreviewed. CVE-2023-4663 was published Sep 15, 2023.

The Ninja Forms WordPress Ninja Forms Contact Form WordPress plugin before 3.6.26 was affected by...
Moderate, Unreviewed. CVE-2023-4109 was published Aug 30, 2023.

A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco...
Moderate, Unreviewed. CVE-2023-20222 was published Aug 17, 2023.

A vulnerability in the web-based management interface of Cisco Integrated Management Controller ...
Moderate, Unreviewed. CVE-2023-20228 was published Aug 16, 2023.

The Elementor Website Builder WordPress plugin before 3.5.5 does not filter out user-controlled...
Moderate, Unreviewed. CVE-2022-4953 was published Aug 14, 2023.

Critters Cross-site Scripting Vulnerability
Moderate. CVE-2023-3481 was published for critters (npm), Aug 11, 2023.

Improper input validation in Zoom SDK’s before 5.14.10 may allow an unauthenticated user to...
High, Unreviewed. CVE-2023-39217 was published Aug 8, 2023.

Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an...
Critical, Unreviewed. CVE-2023-39216 was published Aug 8, 2023.

A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone...
Moderate, Unreviewed. CVE-2023-20218 was published Aug 4, 2023.

ProTip! Advisories are also available from the GraphQL API.