GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
123 advisories
Grafana Spoofing originalUrl of snapshots
Moderate • CVE-2022-39324 was published for github.com/grafana/grafana (Go) • May 14, 2024
Grafana Stored Cross-site Scripting in Unified Alerting
High • CVE-2022-31097 was published for github.com/grafana/grafana (Go) • May 14, 2024
Grafana proxy Cross-site Scripting
Moderate • CVE-2022-21702 was published for github.com/grafana/grafana (Go) • May 14, 2024
Hugo Markdown titles do not escaped in internal render hooks
Moderate • CVE-2024-32875 was published for github.com/gohugoio/hugo (Go) • Apr 23, 2024
Apache Answer: XSS vulnerability when changing personal website
Moderate • CVE-2024-29217 was published for github.com/apache/incubator-answer (Go) • Apr 21, 2024
tiagorlampert CHAOS vulnerable to Cross Site Scripting
Moderate • CVE-2024-31839 was published for github.com/tiagorlampert/CHAOS (Go) • Apr 12, 2024
Temporal UI Server cross-site scripting vulnerability
Moderate • CVE-2024-2435 was published for github.com/temporalio/ui-server/v2 (Go) • Apr 2, 2024
CA17 TeamsACS Cross Site Scripting vulnerability
Moderate • CVE-2024-22780 was published for github.com/ca17/teamsacs (Go) • Apr 2, 2024
Cross-site scripting on application summary component
Critical • CVE-2024-28175 was published for github.com/argoproj/argo-cd (Go) • Mar 15, 2024
Apache Answer Cross-site Scripting vulnerability
Moderate • CVE-2024-23349 was published for github.com/apache/incubator-answer (Go) • Feb 22, 2024
Cross-site Scripting in github.com/greenpau/caddy-security
Moderate • CVE-2024-21496 was published for github.com/greenpau/caddy-security (Go) • Feb 17, 2024
Grafana Cross-site Scripting (XSS)
Moderate • CVE-2018-12099 was published for github.com/grafana/grafana (Go) • Jan 31, 2024
Grafana XSS via adding a link in General feature
Moderate • CVE-2018-18625 was published for github.com/grafana/grafana (Go) • Jan 30, 2024
Grafana XSS in Dashboard Text Panel
Moderate • CVE-2018-18623 was published for github.com/grafana/grafana (Go) • Jan 30, 2024
Django Template Engine Vulnerable to XSS
Critical • CVE-2024-22199 was published for github.com/gofiber/template/django/v3 (Go) • Jan 11, 2024
Mattermost Cross-site Scripting vulnerability
Low • CVE-2023-7113 was published for github.com/mattermost/mattermost/server/v8 (Go) • Dec 29, 2023
Withdrawn Advisory: Prometheus XSS Vulnerability
Moderate • CVE-2019-3826 was published for github.com/prometheus/prometheus (Go) • Dec 13, 2023 • withdrawn
Cross-site Scripting via missing Binding syntax validation
High • CVE-2023-45683 was published for github.com/crewjam/saml (Go) • Oct 17, 2023
matrix-media-repo: Unsafe media served inline on download endpoints
Moderate • CVE-2023-41318 was published for github.com/turt2live/matrix-media-repo (Go) • Sep 8, 2023
Alertmanager UI is vulnerable to stored XSS via the /api/v1/alerts endpoint
Moderate • CVE-2023-40577 was published for github.com/prometheus/alertmanager (Go) • Aug 23, 2023
Improper rendering of text nodes in golang.org/x/net/html
Moderate • CVE-2023-3978 was published for golang.org/x/net (Go) • Aug 2, 2023
A stored XSS in jaeger UI might allow an attacker who controls a trace to perform arbitrary jaeger queries
Moderate • GHSA-2w8w-qhg4-f78j was published for github.com/jaegertracing/jaeger (Go) • Jul 11, 2023
Zinc Cross-site Scripting vulnerability
Moderate • CVE-2022-32171 was published for github.com/zinclabs/zinc (Go) • Jul 6, 2023
Zinc Cross-site Scripting vulnerability
Moderate • CVE-2022-32172 was published for github.com/zinclabs/zinc (Go) • Jul 6, 2023
Hashicorp Vault vulnerable to Cross-site Scripting
Moderate • CVE-2023-2121 was published for github.com/hashicorp/vault (Go) • Jun 9, 2023
ProTip! Advisories are also available from the GraphQL API