Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

211 advisories

Loading
XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title Critical
CVE-2023-45135 was published for org.xwiki.platform:xwiki-platform-web (Maven) Oct 25, 2023
React Developer Tools extension Improper Authorization vulnerability Moderate
CVE-2023-5654 was published for react-devtools-core (npm) Oct 19, 2023
Croc sender may place ANSI or CSI escape sequences in filename to attach receiver's terminal device High
CVE-2023-43620 was published for github.com/schollz/croc/v9 (Go) Sep 20, 2023
schollz
OpenZeppelin Contracts vulnerable to Improper Escaping of Output Moderate
CVE-2023-40014 was published for @openzeppelin/contracts (npm) Aug 11, 2023
Critters Cross-site Scripting Vulnerability Moderate
CVE-2023-3481 was published for critters (npm) Aug 11, 2023
PrestaShop XSS injection through Validate::isCleanHTML method High
CVE-2023-39527 was published for prestashop/prestashop (Composer) Aug 9, 2023
RTX TRAP v1.0 was discovered to be vulnerable to host header poisoning. Moderate Unreviewed
CVE-2022-31458 was published Jul 25, 2023
Spring HATEOAS vulnerable to Improper Neutralization of HTTP Headers for Scripting Syntax Moderate
CVE-2023-34036 was published for org.springframework.hateoas:spring-hateoas (Maven) Jul 17, 2023
Froxlor vulnerable to Improper Encoding or Escaping of Output Critical
CVE-2023-3668 was published for froxlor/froxlor (Composer) Jul 14, 2023
Controller DoS due to stack overflow when decoding a message from the server High Unreviewed
CVE-2023-24480 was published Jul 13, 2023
In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10,... Moderate Unreviewed
CVE-2023-36919 was published Jul 11, 2023
ProTip! Advisories are also available from the GraphQL API