GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
418 advisories
org.xwiki.commons:xwiki-commons-xml's HTML sanitizer allows form elements in restricted
Critical • CVE-2023-36471 was published for org.xwiki.commons:xwiki-commons-xml (Maven) • Jun 30, 2023

XWiki Platform vulnerable to persistent Cross-site Scripting through CKEditor Configuration pages
Critical • CVE-2023-36477 was published for org.xwiki.contrib:application-ckeditor-ui (Maven) • Jun 30, 2023

Keycloak vulnerable to cross-site scripting when validating URI-schemes on SAML and OIDC
Critical • CVE-2022-4361 was published for org.keycloak:keycloak-services (Maven) • Jun 30, 2023

XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in DeleteApplication page
Critical • CVE-2023-35161 was published for org.xwiki.platform:xwiki-platform-appwithinminutes-ui (Maven) • Jun 22, 2023

XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template
Critical • CVE-2023-35160 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) • Jun 22, 2023

XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template
Critical • CVE-2023-35159 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) • Jun 22, 2023

XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in delete template
Critical • CVE-2023-35156 was published for org.xwiki.platform:xwiki-platform-flamingo-skin-resources (Maven) • Jun 22, 2023

XWiki Platform vulnerable to cross-site scripting via xcontinue parameter in previewactions template
Critical • CVE-2023-35162 was published for org.xwiki.platform:xwiki-platform-flamingo-skin-resources (Maven) • Jun 20, 2023

XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters
Critical • CVE-2023-35153 was published for org.xwiki.platform:xwiki-platform-appwithinminutes-ui (Maven) • Jun 20, 2023

XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template
Critical • CVE-2023-34464 was published for org.xwiki.platform:xwiki-platform-web (Maven) • Jun 20, 2023

TeamPass vulnerable to stored Cross-site Scripting
Critical • CVE-2023-3086 was published for nilsteampassnet/teampass (Composer) • Jun 3, 2023

An issue was discovered in Comcast Defined Technologies microeisbss through 2021. An attacker can...
Critical • Unreviewed • CVE-2022-45938 was published • Jun 2, 2023

An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker...
Critical • Unreviewed • CVE-2023-28347 was published • May 31, 2023

XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to...
Critical • Unreviewed • CVE-2023-21516 was published • May 27, 2023

Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management...
Critical • Unreviewed • CVE-2023-31703 was published • May 17, 2023

Improper Neutralization of Script in Attributes in XWiki (X)HTML renderers
Critical • CVE-2023-32070 was published for org.xwiki.platform:xwiki-core-rendering-api (Maven) • May 11, 2023

Improper Neutralization of Invalid Characters in Data Attribute Names in org.xwiki.commons:xwiki-commons-xml
Critical • CVE-2023-31126 was published for org.xwiki.commons:xwiki-commons-xml (Maven) • May 9, 2023

XWiki Platform vulnerable to RXSS via editor parameter - importinline template
Critical • CVE-2023-32071 was published for org.xwiki.platform:xwiki-platform-distribution-war (Maven) • May 9, 2023

An improper neutralization of input during web page generation ('Cross-site Scripting')...
Critical • Unreviewed • CVE-2023-22637 was published • May 4, 2023

Duplicate Advisory: AVideo contains Command injection when embedding a video link
Critical • GHSA-wj6r-53f5-q789 was published for wwbn/avideo (Composer) • Apr 25, 2023 • withdrawn

Cross-site Scripting in org.xwiki.commons:xwiki-commons-xml
Critical • CVE-2023-29528 was published for org.xwiki.commons:xwiki-commons-xml (Maven) • Apr 20, 2023

org.xwiki.platform:xwiki-platform-skin-skinx vulnerable to basic Cross-site Scripting by exploiting JSX or SSX plugins
Critical • CVE-2023-29206 was published for org.xwiki.platform:xwiki-platform-skin-skinx (Maven) • Apr 12, 2023

org.xwiki.platform:xwiki-platform-rendering-xwiki vulnerable to stored cross-site scripting via HTML and raw macro
Critical • CVE-2023-29205 was published for org.xwiki.platform:xwiki-platform-rendering-xwiki (Maven) • Apr 12, 2023

org.xwiki.platform:xwiki-platform-rendering-macro-rss Cross-site Scripting vulnerability
Critical • CVE-2023-29202 was published for org.xwiki.platform:xwiki-core-rendering-macro-rss (Maven) • Apr 12, 2023

org.xwiki.commons:xwiki-commons-xml Cross-site Scripting vulnerability
Critical • CVE-2023-29201 was published for org.xwiki.commons:xwiki-commons-xml (Maven) • Apr 12, 2023