GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+
119 advisories
Filter by severity
Hugo does not escape some attributes in internal templates
Moderate
CVE-2024-55601
was published
for
github.com/gohugoio/hugo
(Go)
Dec 9, 2024
Vitess allows HTML injection in /debug/querylogz & /debug/env
Moderate
CVE-2024-53257
was published
for
vitess.io/vitess
(Go)
Dec 3, 2024
Stored XSS using two files in usememos/memos
Moderate
CVE-2023-0109
was published
for
github.com/usememos/memos
(Go)
Nov 15, 2024
Hashicorp Consul Cross-site Scripting vulnerability
Moderate
CVE-2024-10086
was published
for
github.com/hashicorp/consul
(Go)
Oct 31, 2024
Alist reflected Cross-Site Scripting vulnerability
Moderate
CVE-2024-47067
was published
for
github.com/alist-org/alist/v3
(Go)
Oct 10, 2024
Gouniverse GoLang CMS vulnerable to Cross-site Scripting
Moderate
CVE-2024-8572
was published
for
github.com/gouniverse/cms
(Go)
Sep 8, 2024
Casdoor has reflected XSS in QrCodePage.js (GHSL-2024-036)
Moderate
CVE-2024-41658
was published
for
github.com/casdoor/casdoor
(Go)
Aug 22, 2024
gotortc Cross-site Scripting vulnerability
Moderate
CVE-2024-29191
was published
for
github.com/AlexxIT/go2rtc
(Go)
Aug 5, 2024
gotortc Cross-site Scripting vulnerability
Moderate
CVE-2024-29193
was published
for
github.com/AlexxIT/go2rtc
(Go)
Aug 5, 2024
memos vulnerable to Server-Side Request Forgery and Cross-site Scripting
Moderate
CVE-2024-29029
was published
for
github.com/usememos/memos
(Go)
Aug 5, 2024
ZITADEL has improper HTML sanitization in emails and Console UI
Moderate
CVE-2024-41953
was published
for
github.com/zitadel/zitadel
(Go)
Jul 31, 2024
Denial of service via malicious preflight requests in github.com/rs/cors
Moderate
GHSA-mh55-gqvf-xfwm
was published
for
github.com/rs/cors
(Go)
Jul 5, 2024
Grafana Spoofing originalUrl of snapshots
Moderate
CVE-2022-39324
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana Stored Cross-site Scripting in Unified Alerting
Moderate
CVE-2022-31097
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana proxy Cross-site Scripting
Moderate
CVE-2022-21702
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Hugo Markdown titles do not escaped in internal render hooks
Moderate
CVE-2024-32875
was published
for
github.com/gohugoio/hugo
(Go)
Apr 23, 2024
Apache Answer: XSS vulnerability when changing personal website
Moderate
CVE-2024-29217
was published
for
github.com/apache/incubator-answer
(Go)
Apr 21, 2024
tiagorlampert CHAOS vulnerable to Cross Site Scripting
Moderate
CVE-2024-31839
was published
for
github.com/tiagorlampert/CHAOS
(Go)
Apr 12, 2024
Temporal UI Server cross-site scripting vulnerability
Moderate
CVE-2024-2435
was published
for
github.com/temporalio/ui-server/v2
(Go)
Apr 2, 2024
CA17 TeamsACS Cross Site Scripting vulnerability
Moderate
CVE-2024-22780
was published
for
github.com/ca17/teamsacs
(Go)
Apr 2, 2024
Apache Answer Cross-site Scripting vulnerability
Moderate
CVE-2024-23349
was published
for
github.com/apache/incubator-answer
(Go)
Feb 22, 2024
Cross-site Scripting in github.com/greenpau/caddy-security
Moderate
CVE-2024-21496
was published
for
github.com/greenpau/caddy-security
(Go)
Feb 17, 2024
caddy-security plugin for Caddy vulnerable to reflected Cross-site Scripting
Moderate
CVE-2023-52430
was published
for
github.com/greenpau/caddy-security
(Go)
Feb 13, 2024
Grafana Cross-site Scripting (XSS)
Moderate
CVE-2018-12099
was published
for
github.com/grafana/grafana
(Go)
Jan 31, 2024
Grafana XSS via adding a link in General feature
Moderate
CVE-2018-18625
was published
for
github.com/grafana/grafana
(Go)
Jan 30, 2024
ProTip!
Advisories are also available from the
GraphQL API