
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

123 advisories

studygolang vulnerable to cross-site scripting Moderate
CVE-2021-4272 was published for github.com/studygolang/studygolang (Go) Dec 21, 2022
andrewpollock
leanote vulnerable to cross-site scripting Moderate
CVE-2021-4263 was published for github.com/leanote/leanote (Go) Dec 21, 2022
Memos Cross-site Scripting vulnerability Moderate
CVE-2022-4609 was published for github.com/usememos/memos (Go) Dec 19, 2022
csaf-poc/csaf_distribution Cross-site Scripting vulnerability Moderate
CVE-2022-43996 was published for github.com/csaf-poc/csaf_distribution (Go) Dec 14, 2022
tdunlap607
Alist Cross-site Scripting vulnerability Moderate
CVE-2022-45970 was published for github.com/alist-org/alist/v3 (Go) Dec 12, 2022
teler dashboard vulnerable to DOM-based cross-site scripting (XSS) Low
CVE-2022-23466 was published for teler.app (Go) Dec 6, 2022
mm-wiki is vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2021-40289 was published for github.com/phachon/mm-wiki (Go) Nov 10, 2022
Gogs vulnerable to Cross-site Scripting Critical
CVE-2022-32174 was published for gogs.io/gogs (Go) Oct 11, 2022
Dutchcoders transfer.sh contains an XSS vulnerability via malicious file upload Moderate
CVE-2022-40931 was published for github.com/dutchcoders/transfer.sh (Go) Sep 30, 2022
Cross site scripting in Cloudreve Moderate
CVE-2022-32167 was published for github.com/HFO4/cloudreve (Go) Sep 21, 2022
renbaoshuo
SFTPGo WebClient vulnerable to Cross-site Scripting Moderate
CVE-2022-39220 was published for github.com/drakkan/sftpgo (Go) Sep 20, 2022
ouqiang gocron Cross-site scripting vulnerability Moderate
CVE-2022-40365 was published for github.com/ouqiang/gocron (Go) Sep 15, 2022
Argo CD SSO users vulnerable to Cross-site Scripting Low
CVE-2022-31102 was published for github.com/argoproj/argo-cd (Go) Jul 12, 2022
AdamKorcz DavidKorczynski
tdunlap607
Argo CD's external URLs for Deployments can include JavaScript Critical
CVE-2022-31035 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022
DavidKorczynski AdamKorcz
Cross-site Scripting vulnerability in repository issue list in Gogs Moderate
CVE-2022-31038 was published for gogs.io/gogs (Go) Jun 8, 2022
wuhan005
Cross site scripting via cookies in gogs Low
GHSA-pj96-4jhv-v792 was published for gogs.io/gogs (Go) Jun 2, 2022
Stored Cross-site Scripting in gitea Moderate
CVE-2022-1928 was published for code.gitea.io/gitea (Go) May 30, 2022
openark/orchestrator cross-site scripting vulnerability Moderate
CVE-2021-27940 was published for github.com/openark/orchestrator (Go) May 24, 2022
InfluxDB Reflected Cross-site Scripting Moderate
CVE-2018-17572 was published for github.com/influxdata/influxdb (Go) May 24, 2022
Cross-site Scripting in Gogs Moderate
CVE-2022-1464 was published for gogs.io/gogs (Go) May 24, 2022
HashiCorp Consul Cross-site Scripting vulnerability Moderate
CVE-2020-25864 was published for github.com/hashicorp/consul (Go) May 24, 2022
Rancher Cross-site Scripting Vulnerability Moderate
CVE-2021-25313 was published for github.com/rancher/rancher (Go) May 24, 2022
Grafana XSS via a query alias for the ElasticSearch datasource Moderate
CVE-2020-24303 was published for github.com/grafana/grafana (Go) May 24, 2022
Grafana stored XSS Moderate
CVE-2020-11110 was published for github.com/grafana/grafana (Go) May 24, 2022
Grafana XSS via a column style Moderate
CVE-2018-18624 was published for github.com/grafana/grafana (Go) May 24, 2022