GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
63 advisories
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements
Moderate
CVE-2024-38357
was published
for
TinyMCE
(Composer)
Jun 19, 2024
Umbraco Commerce vulnerable to Stored Cross-site Scripting on Print Functionality
Moderate
CVE-2024-35240
was published
for
Umbraco.Commerce
(NuGet)
May 28, 2024
Umbraco Forms components vulnerable to Stored Cross-site Scripting
Low
CVE-2024-35239
was published
for
Umbraco.Forms
(NuGet)
May 28, 2024
OWASP.AntiSamy mXSS when preserving comments
Moderate
CVE-2023-51652
was published
for
OWASP.AntiSamy
(NuGet)
Jan 2, 2024
Stored XSS via SVG File Upload
Low
CVE-2023-49279
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
DOM-XSS on Backoffice login screen.
Moderate
CVE-2023-48313
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes
Moderate
CVE-2023-48219
was published
for
TinyMCE
(Composer)
Nov 15, 2023
TinyMCE XSS vulnerability in notificationManager.open API
Moderate
CVE-2023-45819
was published
for
TinyMCE
(Composer)
Oct 19, 2023
TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin
Moderate
CVE-2023-45818
was published
for
TinyMCE
(Composer)
Oct 19, 2023
HtmlSanitizer vulnerable to Cross-site Scripting in Foreign Content
Moderate
CVE-2023-44390
was published
for
HtmlSanitizer
(NuGet)
Oct 4, 2023
Duplicate Advisory: jQuery Cross Site Scripting vulnerability
Moderate
CVE-2020-23064
was published
for
jQuery
(RubyGems)
Jun 26, 2023
•
withdrawn
Cross-site scripting vulnerability in TinyMCE alerts
Moderate
CVE-2022-23494
was published
for
TinyMCE
(Composer)
Dec 8, 2022
jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label
Moderate
CVE-2022-31160
was published
for
jQuery.UI.Combined
(RubyGems)
Jul 18, 2022
ProTip!
Advisories are also available from the
GraphQL API