GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,260
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,483
Swift
61
Unreviewed advisories
All unreviewed
5,000+
254 advisories
Filter by severity
Dutchoders transfer.sh contains an XSS vulnerability via malicious file upload
Moderate
CVE-2022-40931
was published
for
github.com/dutchcoders/transfer.sh
(Go)
Sep 30, 2022
Cross site scripting in Cloudreve
Moderate
CVE-2022-32167
was published
for
github.com/HFO4/cloudreve
(Go)
Sep 21, 2022
SFTPGo WebClient vulnerable to Cross-site Scripting
Moderate
CVE-2022-39220
was published
for
github.com/drakkan/sftpgo
(Go)
Sep 20, 2022
ouqiang gocron Cross-site scripting vulnerability
Moderate
CVE-2022-40365
was published
for
github.com/ouqiang/gocron
(Go)
Sep 15, 2022
Argo CD SSO users vulnerable to Cross-site Scripting
Low
CVE-2022-31102
was published
for
github.com/argoproj/argo-cd
(Go)
Jul 12, 2022
Argo CD's external URLs for Deployments can include JavaScript
Critical
CVE-2022-31035
was published
for
github.com/argoproj/argo-cd
(Go)
Jun 21, 2022
Cross-site Scripting vulnerability in repository issue list in Gogs
Moderate
CVE-2022-31038
was published
for
gogs.io/gogs
(Go)
Jun 8, 2022
Cross site scripting via cookies in gogs
Low
GHSA-pj96-4jhv-v792
was published
for
gogs.io/gogs
(Go)
Jun 2, 2022
Stored Cross-site Scripting in gitea
Moderate
CVE-2022-1928
was published
for
code.gitea.io/gitea
(Go)
May 30, 2022
openark/orchestrator cross-site scripting vulnerability
Moderate
CVE-2021-27940
was published
for
github.com/openark/orchestrator
(Go)
May 24, 2022
InfluxDB Reflected Cross-site Scripting
Moderate
CVE-2018-17572
was published
for
github.com/influxdata/influxdb
(Go)
May 24, 2022
Cross-site Scripting in Gogs
Moderate
CVE-2022-1464
was published
for
gogs.io/gogs
(Go)
May 24, 2022
HashiCorp Consul Cross-site Scripting vulnerability
Moderate
CVE-2020-25864
was published
for
github.com/hashicorp/consul
(Go)
May 24, 2022
Rancher Cross-site Scripting Vulnerability
Moderate
CVE-2021-25313
was published
for
github.com/rancher/rancher
(Go)
May 24, 2022
Grafana XSS via a query alias for the ElasticSearch datasource
Moderate
CVE-2020-24303
was published
for
github.com/grafana/grafana
(Go)
May 24, 2022
Grafana stored XSS
Moderate
CVE-2020-11110
was published
for
github.com/grafana/grafana
(Go)
May 24, 2022
Mattermost Server vulnerable to XSS via an uploaded file
Moderate
CVE-2017-18904
was published
for
github.com/mattermost/mattermost-server
(Go)
May 24, 2022
Mattermost Server vulnerable to XSS through channel headers
Moderate
CVE-2017-18907
was published
for
github.com/mattermost/mattermost-server
(Go)
May 24, 2022
Mattermost Server is vulnerable to XSS through display name field
Moderate
CVE-2017-18893
was published
for
github.com/mattermost/mattermost-server
(Go)
May 24, 2022
Mattermost Server is vulnerable to XSS through author_link field in Slack attachments
Moderate
CVE-2017-18879
was published
for
github.com/mattermost/mattermost-server
(Go)
May 24, 2022
Mattermost Server is vulnerable to XSS attacks against an OAuth 2.0 allow/deny page
Moderate
CVE-2017-18877
was published
for
github.com/mattermost/mattermost-server
(Go)
May 24, 2022
Mattermost Server is vulnerable to XSS through crafted links
Moderate
CVE-2016-11082
was published
for
github.com/mattermost/mattermost-server
(Go)
May 24, 2022
Mattermost Server: Files may be rendered inline instead of downloaded, allowing script execution
Moderate
CVE-2016-11083
was published
for
github.com/mattermost/mattermost-server
(Go)
May 24, 2022
Mattermost Server allows XSS via redirect URL
Moderate
CVE-2016-11079
was published
for
github.com/mattermost/mattermost-server
(Go)
May 24, 2022
Mattermost Server allows XSS via CSRF
Moderate
CVE-2016-11084
was published
for
github.com/mattermost/mattermost-server
(Go)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API