GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

143 advisories

XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in delete template Critical
CVE-2023-35156 was published for org.xwiki.platform:xwiki-platform-flamingo-skin-resources (Maven) Jun 22, 2023
XWiki Platform vulnerable to cross-site scripting via xcontinue parameter in previewactions template Critical
CVE-2023-35162 was published for org.xwiki.platform:xwiki-platform-flamingo-skin-resources (Maven) Jun 20, 2023
XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters Critical
CVE-2023-35153 was published for org.xwiki.platform:xwiki-platform-appwithinminutes-ui (Maven) Jun 20, 2023
Credited to renniepak
XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template Critical
CVE-2023-34464 was published for org.xwiki.platform:xwiki-platform-web (Maven) Jun 20, 2023
TeamPass vulnerable to stored Cross-site Scripting Critical
CVE-2023-3086 was published for nilsteampassnet/teampass (Composer) Jun 3, 2023
Improper Neutralization of Script in Attributes in XWiki (X)HTML renderers Critical
CVE-2023-32070 was published for org.xwiki.platform:xwiki-core-rendering-api (Maven) May 11, 2023
Improper Neutralization of Invalid Characters in Data Attribute Names in org.xwiki.commons:xwiki-commons-xml Critical
CVE-2023-31126 was published for org.xwiki.commons:xwiki-commons-xml (Maven) May 9, 2023
XWiki Platform vulnerable to RXSS via editor parameter - importinline template Critical
CVE-2023-32071 was published for org.xwiki.platform:xwiki-platform-distribution-war (Maven) May 9, 2023
Duplicate Advisory: AVideo contains Command injection when embedding a video link Critical
GHSA-wj6r-53f5-q789 was published for wwbn/avideo (Composer) Apr 25, 2023 withdrawn
Cross-site Scripting in org.xwiki.commons:xwiki-commons-xml Critical
CVE-2023-29528 was published for org.xwiki.commons:xwiki-commons-xml (Maven) Apr 20, 2023
Credited to Ynoof5
org.xwiki.platform:xwiki-platform-skin-skinx vulnerable to basic Cross-site Scripting by exploiting JSX or SSX plugins Critical
CVE-2023-29206 was published for org.xwiki.platform:xwiki-platform-skin-skinx (Maven) Apr 12, 2023
org.xwiki.platform:xwiki-platform-rendering-xwiki vulnerable to stored cross-site scripting via HTML and raw macro Critical
CVE-2023-29205 was published for org.xwiki.platform:xwiki-platform-rendering-xwiki (Maven) Apr 12, 2023
org.xwiki.platform:xwiki-platform-rendering-macro-rss Cross-site Scripting vulnerability Critical
CVE-2023-29202 was published for org.xwiki.platform:xwiki-core-rendering-macro-rss (Maven) Apr 12, 2023
org.xwiki.commons:xwiki-commons-xml Cross-site Scripting vulnerability Critical
CVE-2023-29201 was published for org.xwiki.commons:xwiki-commons-xml (Maven) Apr 12, 2023
Withdrawn: SQL injection in Yii 2 Critical
CVE-2023-26750 was published for yiisoft/yii2 (Composer) Apr 4, 2023 withdrawn
Credited to ccchapman and iBotPeaches
Cross-site Scripting in kimai/kimai Critical
CVE-2020-19825 was published for kimai/kimai (Composer) Feb 16, 2023
Cross-site scripting vulnerability found in answerdev/answer Critical
CVE-2023-0740 was published for github.com/answerdev/answer (Go) Feb 8, 2023
Answer contains Cross-site Scripting vulnerability Critical
CVE-2023-0742 was published for github.com/answerdev/answer (Go) Feb 8, 2023
Answer subject to Cross-site Scripting vulnerability Critical
CVE-2023-0743 was published for github.com/answerdev/answer (Go) Feb 8, 2023
Answer has Cross-site Scripting vulnerability Critical
CVE-2023-0741 was published for github.com/answerdev/answer (Go) Feb 8, 2023
tinymighty WikiSEO is vulnerable to cross-site scripting via modifyHTML function Critical
CVE-2015-10073 was published for tinymighty/wiki-seo (Composer) Feb 6, 2023
AVideo contains Command injection when embedding a video link Critical
CVE-2023-25313 was published for wwbn/avideo (Composer) Feb 2, 2023
Credited to gonzxph
usememos/memos vulnerable to Cross-site Scripting Critical
CVE-2022-4866 was published for github.com/usememos/memos (Go) Dec 31, 2022
usememos/memos Cross-site Scripting vulnerability Critical
CVE-2022-4865 was published for github.com/usememos/memos (Go) Dec 31, 2022
PyroCMS vulnerable to stored Cross Site Scripting Critical
CVE-2022-37721 was published for pyrocms/pyrocms (Composer) Nov 25, 2022