GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
367 advisories
plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images
Low | CVE-2023-41048 was published for plone.namedfile (pip) | Sep 21, 2023

Zope vulnerable to Stored Cross Site Scripting with SVG images
Low | CVE-2023-42458 was published for Zope (pip) | Sep 21, 2023

cross-site inclusion (XSSI) of files in jupyter-server
Moderate | CVE-2023-40170 was published for jupyter-server (pip) | Aug 29, 2023

Scancode.io Reflected Cross-Site Scripting (XSS) in license endpoint
Moderate | CVE-2023-40024 was published for scancodeio (pip) | Aug 15, 2023

wger Workout Manager Cross-site Scripting vulnerability
Moderate | CVE-2023-38758 was published for wger (pip) | Aug 8, 2023

copyparty vulnerable to reflected cross-site scripting via k304 parameter
Moderate | CVE-2023-38501 was published for copyparty (pip) | Jul 25, 2023

Indico vulnerable to Cross-Site-Scripting via confirmation prompts
Moderate | CVE-2023-37901 was published for indico (pip) | Jul 21, 2023

copyparty vulnerable to reflected cross-site scripting via hc parameter
Moderate | GHSA-cw7j-v52w-fp5r was published for copyparty (pip) | Jul 21, 2023

Whatsapp-Chat-Exporter has Cross-Site Scripting vulnerability in HTML output of chats.
Moderate | GHSA-8c6x-g4fw-8rf4 was published for Whatsapp-Chat-Exporter (pip) | Jul 10, 2023

Kiwi TCMS's misconfigured HTTP headers allow stored XSS execution with Firefox
High | CVE-2023-36809 was published for kiwitcms (pip) | Jul 5, 2023

kiwitcms vulnerable to stored cross-site scripting via unrestricted file upload
High | CVE-2023-33977 was published for kiwitcms (pip) | Jun 6, 2023

kiwitcms vulnerable to stored XSS via unrestricted files upload
Moderate | CVE-2023-32686 was published for kiwitcms (pip) | May 22, 2023

Apache Airflow vulnerable to stored Cross-site Scripting
Moderate | CVE-2023-29247 was published for apache-airflow (pip) | May 8, 2023

Wagtail vulnerable to stored Cross-site Scripting attack via ModelAdmin views
High | CVE-2023-28836 was published for wagtail (pip) | Apr 3, 2023

Kiwi TCMS Stored Cross-site Scripting via SVG file
High | CVE-2023-27489 was published for kiwitcms (pip) | Mar 30, 2023

Streamlit publishes previously-patched Cross-site Scripting vulnerability
Moderate | CVE-2023-27494 was published for streamlit (pip) | Mar 17, 2023

Cross-site Scripting in django-ajax-utilities
Moderate | CVE-2017-20182 was published for django-ajax-utilities (pip) | Mar 10, 2023

modoboa Cross-site Scripting vulnerability
Moderate | CVE-2023-0949 was published for modoboa (pip) | Feb 22, 2023

Stored cross site scripting in changedetection.io
Moderate | CVE-2023-24769 was published for changedetection.io (pip) | Feb 18, 2023

Mayan EDMS DMS XSS vulnerability
Moderate | CVE-2022-47419 was published for mayan-edms (pip) | Feb 8, 2023

Cross-site Scripting in pyload-ng
Moderate | CVE-2023-0488 was published for pyload-ng (pip) | Jan 27, 2023

Apache Superset vulnerable to Cross-site Scripting
Moderate | CVE-2022-43717 was published for apache-superset (pip) | Jan 16, 2023

Apache Superset is vulnerable to Cross-Site Scripting (XSS)
Moderate | CVE-2022-43718 was published for apache-superset (pip) | Jan 16, 2023