GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
123 advisories
Filter by severity
studygolang vulnerable to cross-site scripting
Moderate
CVE-2021-4272
was published
for
github.com/studygolang/studygolang
(Go)
Dec 21, 2022
leanote vulnerable to cross-site scripting
Moderate
CVE-2021-4263
was published
for
github.com/leanote/leanote
(Go)
Dec 21, 2022
Memos Cross-site Scripting vulnerability
Moderate
CVE-2022-4609
was published
for
github.com/usememos/memos
(Go)
Dec 19, 2022
csaf-poc/csaf_distribution Cross-site Scripting vulnerability
Moderate
CVE-2022-43996
was published
for
github.com/csaf-poc/csaf_distribution
(Go)
Dec 14, 2022
Alist Cross-site Scripting vulnerability
Moderate
CVE-2022-45970
was published
for
github.com/alist-org/alist/v3
(Go)
Dec 12, 2022
teler dashboard vulnerable to DOM-based cross-site scripting (XSS)
Low
CVE-2022-23466
was published
for
teler.app
(Go)
Dec 6, 2022
mm-wiki is vulnerable to Cross-Site Scripting (XSS)
Moderate
CVE-2021-40289
was published
for
github.com/phachon/mm-wiki
(Go)
Nov 10, 2022
Gogs vulnerable to Cross-site Scripting
Critical
CVE-2022-32174
was published
for
gogs.io/gogs
(Go)
Oct 11, 2022
Dutchoders transfer.sh contains an XSS vulnerability via malicious file upload
Moderate
CVE-2022-40931
was published
for
github.com/dutchcoders/transfer.sh
(Go)
Sep 30, 2022
Cross site scripting in Cloudreve
Moderate
CVE-2022-32167
was published
for
github.com/HFO4/cloudreve
(Go)
Sep 21, 2022
SFTPGo WebClient vulnerable to Cross-site Scripting
Moderate
CVE-2022-39220
was published
for
github.com/drakkan/sftpgo
(Go)
Sep 20, 2022
ouqiang gocron Cross-site scripting vulnerability
Moderate
CVE-2022-40365
was published
for
github.com/ouqiang/gocron
(Go)
Sep 15, 2022
Argo CD SSO users vulnerable to Cross-site Scripting
Low
CVE-2022-31102
was published
for
github.com/argoproj/argo-cd
(Go)
Jul 12, 2022
Argo CD's external URLs for Deployments can include JavaScript
Critical
CVE-2022-31035
was published
for
github.com/argoproj/argo-cd
(Go)
Jun 21, 2022
Cross-site Scripting vulnerability in repository issue list in Gogs
Moderate
CVE-2022-31038
was published
for
gogs.io/gogs
(Go)
Jun 8, 2022
Cross site scripting via cookies in gogs
Low
GHSA-pj96-4jhv-v792
was published
for
gogs.io/gogs
(Go)
Jun 2, 2022
Stored Cross-site Scripting in gitea
Moderate
CVE-2022-1928
was published
for
code.gitea.io/gitea
(Go)
May 30, 2022
openark/orchestrator cross-site scripting vulnerability
Moderate
CVE-2021-27940
was published
for
github.com/openark/orchestrator
(Go)
May 24, 2022
InfluxDB Reflected Cross-site Scripting
Moderate
CVE-2018-17572
was published
for
github.com/influxdata/influxdb
(Go)
May 24, 2022
Cross-site Scripting in Gogs
Moderate
CVE-2022-1464
was published
for
gogs.io/gogs
(Go)
May 24, 2022
HashiCorp Consul Cross-site Scripting vulnerability
Moderate
CVE-2020-25864
was published
for
github.com/hashicorp/consul
(Go)
May 24, 2022
Rancher Cross-site Scripting Vulnerability
Moderate
CVE-2021-25313
was published
for
github.com/rancher/rancher
(Go)
May 24, 2022
Grafana XSS via a query alias for the ElasticSearch datasource
Moderate
CVE-2020-24303
was published
for
github.com/grafana/grafana
(Go)
May 24, 2022
Grafana stored XSS
Moderate
CVE-2020-11110
was published
for
github.com/grafana/grafana
(Go)
May 24, 2022
Grafana XSS via a column style
Moderate
CVE-2018-18624
was published
for
github.com/grafana/grafana
(Go)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API