Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

63 advisories

Loading
xwiki-platform-administration-ui vulnerable to privilege escalation Critical
CVE-2023-29511 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) Apr 12, 2023
org.xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability Critical
CVE-2023-29214 was published for org.xwiki.platform:xwiki-platform-panels-ui (Maven) Apr 12, 2023
xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability Critical
CVE-2023-29212 was published for org.xwiki.platform:xwiki-platform-panels-ui (Maven) Apr 12, 2023
org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki Eval Injection vulnerability Critical
CVE-2023-29211 was published for org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki (Maven) Apr 12, 2023
org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro Eval Injection vulnerability Critical
CVE-2023-29209 was published for org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro (Maven) Apr 12, 2023
org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability Critical
CVE-2023-29509 was published for org.xwiki.platform:xwiki-platform-flamingo-theme-ui (Maven) Apr 12, 2023
org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability Critical
CVE-2023-26477 was published for org.xwiki.platform:xwiki-platform-flamingo-theme-ui (Maven) Mar 3, 2023
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml Critical
CVE-2022-41928 was published for org.xwiki.platform:xwiki-platform-attachment-ui (Maven) Nov 21, 2022
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-ui Critical
CVE-2022-41931 was published for org.xwiki.platform:xwiki-platform-icon-ui (Maven) Nov 21, 2022
React Editable Json Tree vulnerable to arbitrary code execution via function parsing Critical
CVE-2022-36010 was published for react-editable-json-tree (npm) Aug 18, 2022
Phanabani oxyno-zeta
PrestaShop eval injection possible if shop vulnerable to SQL injection Critical
CVE-2022-31181 was published for prestashop/prestashop (Composer) Jul 29, 2022
Remote Code Execution Through Image Uploads in BookStack High
CVE-2020-5256 was published for ssddanbrown/bookstack (Composer) Mar 13, 2020
inc0x0 thiagomayllart
ProTip! Advisories are also available from the GraphQL API