Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

254 advisories

Loading
Dutchoders transfer.sh contains an XSS vulnerability via malicious file upload Moderate
CVE-2022-40931 was published for github.com/dutchcoders/transfer.sh (Go) Sep 30, 2022
Cross site scripting in Cloudreve Moderate
CVE-2022-32167 was published for github.com/HFO4/cloudreve (Go) Sep 21, 2022
renbaoshuo Credited to renbaoshuo
SFTPGo WebClient vulnerable to Cross-site Scripting Moderate
CVE-2022-39220 was published for github.com/drakkan/sftpgo (Go) Sep 20, 2022
ouqiang gocron Cross-site scripting vulnerability Moderate
CVE-2022-40365 was published for github.com/ouqiang/gocron (Go) Sep 15, 2022
Argo CD SSO users vulnerable to Cross-site Scripting Low
CVE-2022-31102 was published for github.com/argoproj/argo-cd (Go) Jul 12, 2022
AdamKorcz Credited to AdamKorcz, DavidKorczynski, and tdunlap607 DavidKorczynski DavidKorczynski
tdunlap607 tdunlap607
Argo CD's external URLs for Deployments can include JavaScript Critical
CVE-2022-31035 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022
DavidKorczynski Credited to DavidKorczynski and AdamKorcz AdamKorcz AdamKorcz
Cross-site Scripting vulnerability in repository issue list in Gogs Moderate
CVE-2022-31038 was published for gogs.io/gogs (Go) Jun 8, 2022
wuhan005 Credited to wuhan005
Cross site scripting via cookies in gogs Low
GHSA-pj96-4jhv-v792 was published for gogs.io/gogs (Go) Jun 2, 2022
Stored Cross-site Scripting in gitea Moderate
CVE-2022-1928 was published for code.gitea.io/gitea (Go) May 30, 2022
openark/orchestrator cross-site scripting vulnerability Moderate
CVE-2021-27940 was published for github.com/openark/orchestrator (Go) May 24, 2022
InfluxDB Reflected Cross-site Scripting Moderate
CVE-2018-17572 was published for github.com/influxdata/influxdb (Go) May 24, 2022
Cross-site Scripting in Gogs Moderate
CVE-2022-1464 was published for gogs.io/gogs (Go) May 24, 2022
HashiCorp Consul Cross-site Scripting vulnerability Moderate
CVE-2020-25864 was published for github.com/hashicorp/consul (Go) May 24, 2022
Rancher Cross-site Scripting Vulnerability Moderate
CVE-2021-25313 was published for github.com/rancher/rancher (Go) May 24, 2022
Grafana XSS via a query alias for the ElasticSearch datasource Moderate
CVE-2020-24303 was published for github.com/grafana/grafana (Go) May 24, 2022
Grafana stored XSS Moderate
CVE-2020-11110 was published for github.com/grafana/grafana (Go) May 24, 2022
Mattermost Server vulnerable to XSS via an uploaded file Moderate
CVE-2017-18904 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server vulnerable to XSS through channel headers Moderate
CVE-2017-18907 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server is vulnerable to XSS through display name field Moderate
CVE-2017-18893 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server is vulnerable to XSS through author_link field in Slack attachments Moderate
CVE-2017-18879 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server is vulnerable to XSS attacks against an OAuth 2.0 allow/deny page Moderate
CVE-2017-18877 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server is vulnerable to XSS through crafted links Moderate
CVE-2016-11082 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server: Files may be rendered inline instead of downloaded, allowing script execution Moderate
CVE-2016-11083 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server allows XSS via redirect URL Moderate
CVE-2016-11079 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server allows XSS via CSRF Moderate
CVE-2016-11084 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
ProTip! Advisories are also available from the GraphQL API