GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
380 advisories
The Jetpack Scan team identified a Reflected Cross-Site Scripting via the...
Critical
Unreviewed
CVE-2021-24229
was published
May 24, 2022
The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress...
Critical
Unreviewed
CVE-2021-43047
was published
May 24, 2022
In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names...
Critical
Unreviewed
CVE-2021-43523
was published
May 24, 2022
The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the "File Thumbnail"...
Critical
Unreviewed
CVE-2021-24693
was published
May 24, 2022
Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1, allows attackers to execute...
Critical
Unreviewed
CVE-2020-20982
was published
May 24, 2022
Cross site scripting (XSS) vulnerability in xujinliang zibbs 1.0, allows attackers to execute...
Critical
Unreviewed
CVE-2020-23718
was published
May 24, 2022
Cross site scripting (XSS) vulnerability in application/controllers/AdminController.php in...
Critical
Unreviewed
CVE-2020-23719
was published
May 24, 2022
Cross Site Scripting (XSS) vulnerability in infusions/member_poll_panel/poll_admin.php in PHP...
Critical
Unreviewed
CVE-2020-23754
was published
May 24, 2022
The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags...
Critical
Unreviewed
CVE-2021-24884
was published
May 24, 2022
On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, 13.1.x before...
Critical
Unreviewed
CVE-2021-23038
was published
May 24, 2022
On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a reflected cross...
Critical
Unreviewed
CVE-2021-23037
was published
May 24, 2022
This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to...
Critical
Unreviewed
CVE-2021-35222
was published
May 24, 2022
LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a...
Critical
Unreviewed
CVE-2021-3693
was published
May 24, 2022
LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a...
Critical
Unreviewed
CVE-2021-3694
was published
May 24, 2022
Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Execution, via an overwolfstore...
Critical
Unreviewed
CVE-2021-33501
was published
May 24, 2022
A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an...
Critical
Unreviewed
CVE-2021-3529
was published
May 24, 2022
A flaw was found in Red Hat Quay, where it has a persistent Cross-site Scripting (XSS)...
Critical
Unreviewed
CVE-2020-27832
was published
May 24, 2022
Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command...
Critical
Unreviewed
CVE-2021-31761
was published
May 24, 2022
An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness...
Critical
Unreviewed
CVE-2021-0268
was published
May 24, 2022
The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise...
Critical
Unreviewed
CVE-2021-28827
was published
May 24, 2022
The Jetpack Scan team identified a Reflected Cross-Site Scripting in the Login Form of the...
Critical
Unreviewed
CVE-2021-24228
was published
May 24, 2022
Mark Text through 0.16.3 allows attackers arbitrary command execution. This could lead to Remote...
Critical
Unreviewed
CVE-2021-29996
was published
May 24, 2022
myDBR 5.8.3/4262 is affected by: Cross Site Scripting (XSS). The impact is: execute arbitrary...
Critical
Unreviewed
CVE-2020-28149
was published
May 24, 2022
components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound <= 4.0.1 allows remote...
Critical
Unreviewed
CVE-2021-3210
was published
May 24, 2022
Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back...
Critical
Unreviewed
CVE-2020-13407
was published
May 24, 2022
ProTip! Advisories are also available from the GraphQL API.