Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

123 advisories

Loading
syncthing vulnerable to Cross-site Scripting (XSS) in Web GUI Moderate
CVE-2022-46165 was published for github.com/syncthing/syncthing (Go) Jun 6, 2023
mka-sec
Rancher UI has multiple Cross-Site Scripting (XSS) issues High
CVE-2022-43760 was published for rancher/rancher (Go) Jun 6, 2023
bybit-sec
Gitpod vulnerable to Cross-site Scripting Moderate
CVE-2023-32766 was published for github.com/gitpod-io/gitpod (Go) Jun 5, 2023
Algernon engine and themes vulnerable to Cross-site Scripting Moderate
CVE-2023-26131 was published for github.com/xyproto/algernon (Go) May 31, 2023
Phachon mm-wiki vulnerable to stored cross-site scripting (XSS) Moderate
CVE-2020-19277 was published for github.com/phachon/mm-wiki (Go) Apr 4, 2023
Mattermost vulnerable to cross-site scripting (XSS) Moderate
CVE-2023-1776 was published for github.com/mattermost/mattermost-server (Go) Mar 31, 2023
Grafana Stored Cross-site Scripting in Graphite FunctionDescription tooltip Moderate
CVE-2023-1410 was published for github.com/grafana/grafana (Go) Mar 23, 2023
renniepak
Duplicate Advisory: Grafana Stored Cross-site Scripting vulnerability Moderate
GHSA-3cgw-hfw7-wc7j was published for github.com/grafana/grafana (Go) Mar 23, 2023 withdrawn
Gophish vulnerable to Cross-site Scripting via crafted landing page Moderate
CVE-2022-45004 was published for github.com/gophish/gophish (Go) Mar 22, 2023
Answer vulnerable to Stored Cross-site Scripting Moderate
CVE-2023-1535 was published for github.com/answerdev/answer (Go) Mar 21, 2023
Answer vulnerable to Stored Cross-site Scripting Moderate
CVE-2023-1536 was published for github.com/answerdev/answer (Go) Mar 21, 2023
imgproxy Cross-site Scripting vulnerability Moderate
CVE-2023-1496 was published for github.com/imgproxy/imgproxy/v3 (Go) Mar 19, 2023
Answer vulnerable to Cross-site Scripting Moderate
CVE-2023-1240 was published for github.com/answerdev/answer (Go) Mar 7, 2023
Answer vulnerable to Cross-site Scripting Moderate
CVE-2023-1241 was published for github.com/answerdev/answer (Go) Mar 7, 2023
Answer vulnerable to Cross-site Scripting Moderate
CVE-2023-1242 was published for github.com/answerdev/answer (Go) Mar 7, 2023
Answer vulnerable to Cross-site Scripting Moderate
CVE-2023-1243 was published for github.com/answerdev/answer (Go) Mar 7, 2023
Answer vulnerable to Cross-site Scripting Moderate
CVE-2023-1237 was published for github.com/answerdev/answer (Go) Mar 7, 2023
Answer vulnerable to Cross-site Scripting Moderate
CVE-2023-1239 was published for github.com/answerdev/answer (Go) Mar 7, 2023
Answer vulnerable to Cross-site Scripting Moderate
CVE-2023-1238 was published for github.com/answerdev/answer (Go) Mar 7, 2023
Answer vulnerable to Cross-site Scripting Moderate
CVE-2023-1245 was published for github.com/answerdev/answer (Go) Mar 7, 2023
Answer vulnerable to Cross-site Scripting Moderate
CVE-2023-1244 was published for github.com/answerdev/answer (Go) Mar 7, 2023
Grafana vulnerable to Stored Cross-site Scripting in Text plugin Moderate
CVE-2023-22462 was published for github.com/grafana/grafana (Go) Mar 1, 2023
Churro michaelkedar
teler-waf contains detection rule bypass via Entities payload Moderate
CVE-2023-26047 was published for github.com/kitabisa/teler-waf (Go) Mar 1, 2023
aidilarf
teler-waf subject to Bypass of Common Web Attack Threat Rule with HTML Entities Payload Moderate
CVE-2023-26046 was published for github.com/kitabisa/teler-waf (Go) Mar 1, 2023
aidilarf
Grafana vulnerable to Cross-site Scripting Moderate
CVE-2023-0507 was published for github.com/grafana/grafana (Go) Mar 1, 2023
ProTip! Advisories are also available from the GraphQL API