Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,293
Erlang
31
GitHub Actions
21
Go
2,061
Maven
5,000+
npm
3,744
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

119 advisories

Loading
Grafana XSS in Dashboard Text Panel Moderate
CVE-2018-18623 was published for github.com/grafana/grafana (Go) Jan 30, 2024
Withdrawn Advisory: Prometheus XSS Vulnerability Moderate
CVE-2019-3826 was published for github.com/prometheus/prometheus (Go) Dec 13, 2023 withdrawn
pdeslaur codeboten
matrix-media-repo: Unsafe media served inline on download endpoints Moderate
CVE-2023-41318 was published for github.com/turt2live/matrix-media-repo (Go) Sep 8, 2023
joshqou
Alertmanager UI is vulnerable to stored XSS via the /api/v1/alerts endpoint Moderate
CVE-2023-40577 was published for github.com/prometheus/alertmanager (Go) Aug 23, 2023
oxeye-gal oxeye-daniel
Improper rendering of text nodes in golang.org/x/net/html Moderate
CVE-2023-3978 was published for golang.org/x/net (Go) Aug 2, 2023
A stored XSS in jaeger UI might allow an attacker who controls a trace to perform arbitrary jaeger queries Moderate
GHSA-2w8w-qhg4-f78j was published for github.com/jaegertracing/jaeger (Go) Jul 11, 2023
svennergr ngo
Zinc Cross-site Scripting vulnerability Moderate
CVE-2022-32171 was published for github.com/zinclabs/zinc (Go) Jul 6, 2023
Zinc Cross-site Scripting vulnerability Moderate
CVE-2022-32172 was published for github.com/zinclabs/zinc (Go) Jul 6, 2023
Hashicorp Vault vulnerable to Cross-site Scripting Moderate
CVE-2023-2121 was published for github.com/hashicorp/vault (Go) Jun 9, 2023
syncthing vulnerable to Cross-site Scripting (XSS) in Web GUI Moderate
CVE-2022-46165 was published for github.com/syncthing/syncthing (Go) Jun 6, 2023
mka-sec
Rancher UI has multiple Cross-Site Scripting (XSS) issues Moderate
CVE-2022-43760 was published for github.com/rancher/rancher (Go) Jun 6, 2023
bybit-sec andrewpollock
Gitpod vulnerable to Cross-site Scripting Moderate
CVE-2023-32766 was published for github.com/gitpod-io/gitpod (Go) Jun 5, 2023
Algernon engine and themes vulnerable to Cross-site Scripting Moderate
CVE-2023-26131 was published for github.com/xyproto/algernon (Go) May 31, 2023
Phachon mm-wiki vulnerable to stored cross-site scripting (XSS) Moderate
CVE-2020-19277 was published for github.com/phachon/mm-wiki (Go) Apr 4, 2023
Mattermost vulnerable to cross-site scripting (XSS) Moderate
CVE-2023-1776 was published for github.com/mattermost/mattermost-server (Go) Mar 31, 2023
Grafana Stored Cross-site Scripting in Graphite FunctionDescription tooltip Moderate
CVE-2023-1410 was published for github.com/grafana/grafana (Go) Mar 23, 2023
renniepak
Duplicate Advisory: Grafana Stored Cross-site Scripting vulnerability Moderate
GHSA-3cgw-hfw7-wc7j was published for github.com/grafana/grafana (Go) Mar 23, 2023 withdrawn
Gophish vulnerable to Cross-site Scripting via crafted landing page Moderate
CVE-2022-45004 was published for github.com/gophish/gophish (Go) Mar 22, 2023
Answer vulnerable to Stored Cross-site Scripting Moderate
CVE-2023-1535 was published for github.com/answerdev/answer (Go) Mar 21, 2023
Answer vulnerable to Stored Cross-site Scripting Moderate
CVE-2023-1536 was published for github.com/answerdev/answer (Go) Mar 21, 2023
imgproxy Cross-site Scripting vulnerability Moderate
CVE-2023-1496 was published for github.com/imgproxy/imgproxy/v3 (Go) Mar 19, 2023
Answer vulnerable to Cross-site Scripting Moderate
CVE-2023-1238 was published for github.com/answerdev/answer (Go) Mar 7, 2023
Answer vulnerable to Cross-site Scripting Moderate
CVE-2023-1237 was published for github.com/answerdev/answer (Go) Mar 7, 2023
Answer vulnerable to Cross-site Scripting Moderate
CVE-2023-1239 was published for github.com/answerdev/answer (Go) Mar 7, 2023
Answer vulnerable to Cross-site Scripting Moderate
CVE-2023-1240 was published for github.com/answerdev/answer (Go) Mar 7, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database