GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
40 advisories
Filter by severity
XWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile
Critical
CVE-2023-26472
was published
for
org.xwiki.platform:xwiki-platform-icon-ui
(Maven)
Mar 3, 2023
XWiki Platform vulnerable to RXSS via editor parameter - importinline template
Critical
CVE-2023-32071
was published
for
org.xwiki.platform:xwiki-platform-distribution-war
(Maven)
May 9, 2023
Froxlor vulnerable to Improper Encoding or Escaping of Output
Critical
CVE-2023-3668
was published
for
froxlor/froxlor
(Composer)
Jul 14, 2023
iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain...
Critical
Unreviewed
CVE-2023-46300
was published
Oct 22, 2023
iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain...
Critical
Unreviewed
CVE-2023-46301
was published
Oct 22, 2023
XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title
Critical
CVE-2023-45135
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Oct 25, 2023
An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php...
Critical
Unreviewed
CVE-2023-48655
was published
Nov 17, 2023
An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape...
Critical
Unreviewed
CVE-2023-38316
was published
Nov 17, 2023
Django Template Engine Vulnerable to XSS
Critical
CVE-2024-22199
was published
for
github.com/gofiber/template/django/v3
(Go)
Jan 11, 2024
IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to...
Critical
Unreviewed
CVE-2023-47143
was published
Feb 2, 2024
Improper escaping in Apache Zeppelin
Critical
CVE-2024-31866
was published
for
org.apache.zeppelin:zeppelin-interpreter
(Maven)
Apr 9, 2024
Jupyter Server Proxy has a reflected XSS issue in host parameter
Critical
CVE-2024-35225
was published
for
jupyter-server-proxy
(pip)
Jun 11, 2024
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an...
Critical
Unreviewed
CVE-2024-38475
was published
Jul 1, 2024
Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows...
Critical
Unreviewed
CVE-2024-38474
was published
Jul 1, 2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'),...
Critical
Unreviewed
CVE-2024-7873
was published
Sep 17, 2024
ProTip!
Advisories are also available from the
GraphQL API