GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
123 advisories
Grafana Spoofing originalUrl of snapshots
Moderate
CVE-2022-39324
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Hugo Markdown titles do not escaped in internal render hooks
Moderate
CVE-2024-32875
was published
for
github.com/gohugoio/hugo
(Go)
Apr 23, 2024
Cross-site scripting on application summary component
Critical
CVE-2024-28175
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 15, 2024
Django Template Engine Vulnerable to XSS
Critical
CVE-2024-22199
was published
for
github.com/gofiber/template/django/v3
(Go)
Jan 11, 2024
Withdrawn Advisory: Prometheus XSS Vulnerability
Moderate
CVE-2019-3826
was published
for
github.com/prometheus/prometheus
(Go)
Dec 13, 2023
•
withdrawn
Cross-site Scripting via missing Binding syntax validation
High
CVE-2023-45683
was published
for
github.com/crewjam/saml
(Go)
Oct 17, 2023
matrix-media-repo: Unsafe media served inline on download endpoints
Moderate
CVE-2023-41318
was published
for
github.com/turt2live/matrix-media-repo
(Go)
Sep 8, 2023
Alertmanager UI is vulnerable to stored XSS via the /api/v1/alerts endpoint
Moderate
CVE-2023-40577
was published
for
github.com/prometheus/alertmanager
(Go)
Aug 23, 2023
A stored XSS in jaeger UI might allow an attacker who controls a trace to perform arbitrary jaeger queries
Moderate
GHSA-2w8w-qhg4-f78j
was published
for
github.com/jaegertracing/jaeger
(Go)
Jul 11, 2023
ProTip!
Advisories are also available from the
GraphQL API