GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,237
Erlang: 31
GitHub Actions: 20
Go: 1,998
Maven: 5,000+
npm: 3,710
NuGet: 661
pip: 3,364
Pub: 11
RubyGems: 885
Rust: 846
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+
29,442 advisories
ChurchCRM 4.5.3 and below was discovered to contain a stored cross-site scripting (XSS)...
Severity: Moderate (Unreviewed)
CVE-2023-24690 was published Feb 10, 2023

An issue in the CSV Import function of ChurchCRM v4.5.3 and below allows attackers to execute...
Severity: Moderate (Unreviewed)
CVE-2023-24686 was published Feb 10, 2023

Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local...
Severity: Moderate (Unreviewed)
CVE-2023-21434 was published Feb 9, 2023

A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of...
Severity: Moderate (Unreviewed)
CVE-2023-24322 was published Feb 9, 2023

Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability...
Severity: Moderate (Unreviewed)
CVE-2023-24687 was published Feb 9, 2023

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration...
Severity: Moderate (Unreviewed)
CVE-2022-21939 was published Feb 9, 2023

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls...
Severity: Moderate (Unreviewed)
CVE-2022-21940 was published Feb 9, 2023

OrangeScrum version 2.0.11 allows an external attacker to obtain arbitrary user accounts from the...
Severity: Moderate (Unreviewed)
CVE-2023-0624 was published Feb 9, 2023

TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering
Severity: High
CVE-2023-24814 was published for typo3/cms (Composer) Feb 8, 2023

IBM Infosphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability...
Severity: Moderate (Unreviewed)
CVE-2023-23475 was published Feb 8, 2023

Cross-site scripting (XSS) vulnerability in EyouCMS v1.6.0 allows attackers to execute arbitrary...
Severity: Moderate (Unreviewed)
CVE-2022-45755 was published Feb 8, 2023

Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.
Severity: Moderate (Unreviewed)
CVE-2023-0747 was published Feb 8, 2023

The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escape some URL parameters...
Severity: Moderate (Unreviewed)
CVE-2022-2094 was published Feb 8, 2023

Answer has Cross-site Scripting vulnerability
Severity: Critical
CVE-2023-0741 was published for github.com/answerdev/answer (Go) Feb 8, 2023

Answer subject to Cross-site Scripting vulnerability
Severity: Critical
CVE-2023-0743 was published for github.com/answerdev/answer (Go) Feb 8, 2023

Cross-site scripting vulnerability found in answerdev/answer
Severity: Critical
CVE-2023-0740 was published for github.com/answerdev/answer (Go) Feb 8, 2023

Answer contains Cross-site Scripting vulnerability
Severity: Critical
CVE-2023-0742 was published for github.com/answerdev/answer (Go) Feb 8, 2023

Given a malicious document provided by an attacker, the OpenKM DMS is vulnerable to a stored ...
Severity: Moderate (Unreviewed)
CVE-2022-47413 was published Feb 8, 2023

If an attacker has access to the console for OpenKM (and is authenticated), a stored XSS...
Severity: Moderate (Unreviewed)
CVE-2022-47414 was published Feb 8, 2023

The Interactive Geo Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
Severity: Moderate (Unreviewed)
CVE-2023-0731 was published Feb 8, 2023

LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type...
Severity: Moderate (Unreviewed)
CVE-2022-47417 was published Feb 8, 2023

LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type...
Severity: Moderate (Unreviewed)
CVE-2022-47418 was published Feb 8, 2023

LogicalDOC Enterprise is vulnerable to a stored (persistent, or "Type II") cross-site scripting ...
Severity: Moderate (Unreviewed)
CVE-2022-47416 was published Feb 8, 2023

LogicalDOC Enterprise and Community Edition (CE) are vulnerable to a stored (persistent, or "Type...
Severity: Moderate (Unreviewed)
CVE-2022-47415 was published Feb 8, 2023

An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful XSS exploitation was...
Severity: Moderate (Unreviewed)
CVE-2022-47419 was published Feb 8, 2023

ProTip! Advisories are also available from the GraphQL API.