Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

254 advisories

Loading
Authentication Bypass by Spoofing in github.com/greenpau/caddy-security Moderate
CVE-2024-21494 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Cross-site Scripting in github.com/greenpau/caddy-security Moderate
CVE-2024-21496 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
caddy-security plugin for Caddy vulnerable to reflected Cross-site Scripting Moderate
CVE-2023-52430 was published for github.com/greenpau/caddy-security (Go) Feb 13, 2024
Grafana Cross-site Scripting (XSS) Moderate
CVE-2018-12099 was published for github.com/grafana/grafana (Go) Jan 31, 2024
Grafana XSS via adding a link in General feature Moderate
CVE-2018-18625 was published for github.com/grafana/grafana (Go) Jan 30, 2024
Grafana XSS in Dashboard Text Panel Moderate
CVE-2018-18623 was published for github.com/grafana/grafana (Go) Jan 30, 2024
Django Template Engine Vulnerable to XSS Critical
CVE-2024-22199 was published for github.com/gofiber/template/django/v3 (Go) Jan 11, 2024
bastianwegge Credited to bastianwegge, sixcolors, gaby, ReneWerner87, and efectn sixcolors sixcolors
gaby gaby ReneWerner87 ReneWerner87 efectn efectn
Mattermost Cross-site Scripting vulnerability Low
CVE-2023-7113 was published for github.com/mattermost/mattermost/server/v8 (Go) Dec 29, 2023
Withdrawn Advisory: Prometheus XSS Vulnerability Moderate
CVE-2019-3826 was published for github.com/prometheus/prometheus (Go) Dec 13, 2023 withdrawn
pdeslaur Credited to pdeslaur and codeboten codeboten codeboten
Cross-site Scripting via missing Binding syntax validation High
CVE-2023-45683 was published for github.com/crewjam/saml (Go) Oct 17, 2023
anaximand3r Credited to anaximand3r
matrix-media-repo: Unsafe media served inline on download endpoints Moderate
CVE-2023-41318 was published for github.com/turt2live/matrix-media-repo (Go) Sep 8, 2023
joshqou Credited to joshqou
Alertmanager UI is vulnerable to stored XSS via the /api/v1/alerts endpoint Moderate
CVE-2023-40577 was published for github.com/prometheus/alertmanager (Go) Aug 23, 2023
oxeye-gal Credited to oxeye-gal and oxeye-daniel oxeye-daniel oxeye-daniel
Improper rendering of text nodes in golang.org/x/net/html Moderate
CVE-2023-3978 was published for golang.org/x/net (Go) Aug 2, 2023
A stored XSS in jaeger UI might allow an attacker who controls a trace to perform arbitrary jaeger queries Moderate
GHSA-2w8w-qhg4-f78j was published for github.com/jaegertracing/jaeger (Go) Jul 11, 2023
svennergr Credited to svennergr and ngo ngo ngo
Zinc Cross-site Scripting vulnerability Moderate
CVE-2022-32172 was published for github.com/zinclabs/zinc (Go) Jul 6, 2023
Zinc Cross-site Scripting vulnerability Moderate
CVE-2022-32171 was published for github.com/zinclabs/zinc (Go) Jul 6, 2023
Hashicorp Vault vulnerable to Cross-site Scripting Moderate
CVE-2023-2121 was published for github.com/hashicorp/vault (Go) Jun 9, 2023
syncthing vulnerable to Cross-site Scripting (XSS) in Web GUI Moderate
CVE-2022-46165 was published for github.com/syncthing/syncthing (Go) Jun 6, 2023
mka-sec Credited to mka-sec
Rancher UI has multiple Cross-Site Scripting (XSS) issues Moderate
CVE-2022-43760 was published for github.com/rancher/rancher (Go) Jun 6, 2023
bybit-sec Credited to bybit-sec and andrewpollock andrewpollock andrewpollock
Gitpod vulnerable to Cross-site Scripting Moderate
CVE-2023-32766 was published for github.com/gitpod-io/gitpod (Go) Jun 5, 2023
Algernon engine and themes vulnerable to Cross-site Scripting Moderate
CVE-2023-26131 was published for github.com/xyproto/algernon (Go) May 31, 2023
Phachon mm-wiki vulnerable to stored cross-site scripting (XSS) Moderate
CVE-2020-19277 was published for github.com/phachon/mm-wiki (Go) Apr 4, 2023
Mattermost vulnerable to cross-site scripting (XSS) Moderate
CVE-2023-1776 was published for github.com/mattermost/mattermost-server (Go) Mar 31, 2023
Grafana Stored Cross-site Scripting in Graphite FunctionDescription tooltip Moderate
CVE-2023-1410 was published for github.com/grafana/grafana (Go) Mar 23, 2023
renniepak Credited to renniepak
Duplicate Advisory: Grafana Stored Cross-site Scripting vulnerability Moderate
GHSA-3cgw-hfw7-wc7j was published for github.com/grafana/grafana (Go) Mar 23, 2023 withdrawn
ProTip! Advisories are also available from the GraphQL API