Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,759
Maven
5,000+
npm
4,365
NuGet
767
pip
4,133
Pub
12
RubyGems
961
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+

380 advisories

Loading
Cosmetics and Beauty Product Online Store v1.0 was discovered to contain multiple reflected cross... Critical Unreviewed
CVE-2022-25395 was published Mar 4, 2022
A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool... Critical Unreviewed
CVE-2021-42940 was published Feb 12, 2022
Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a remote unauthenticated... Critical Unreviewed
CVE-2022-21241 was published Feb 9, 2022
BeyondTrust Secure Remote Access Base Software through 6.0.1 allows an attacker to achieve full... Critical Unreviewed
CVE-2021-31589 was published Feb 8, 2022
The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.26,... Critical Unreviewed
CVE-2021-24814 was published Feb 8, 2022
MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This... Critical Unreviewed
CVE-2022-24123 was published Jan 31, 2022
/usr/local/www/pkg.php in pfSense through 2.5.2 uses $_REQUEST['pkg_filter'] in a PHP echo call. Critical Unreviewed
CVE-2022-23993 was published Jan 27, 2022
Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD without Refresh/Reload using... Critical Unreviewed
CVE-2021-40909 was published Jan 25, 2022
The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, TIBCO EBX Add... Critical Unreviewed
CVE-2022-22769 was published Jan 20, 2022
In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross-Site Scripting (XSS). The ... Critical Unreviewed
CVE-2022-22114 was published Jan 11, 2022
In Teedy, versions v1.5 through v1.9 are vulnerable to Stored Cross-Site Scripting (XSS) in the... Critical Unreviewed
CVE-2022-22115 was published Jan 11, 2022
XSS via prototype pollution in NodeBB Critical
CVE-2021-43787 was published for nodebb (npm) Nov 30, 2021
paul-gerste-sonarsource
Credited to paul-gerste-sonarsource
Inconsistent input sanitisation leads to XSS vectors Critical
CVE-2021-41132 was published for omero-figure (pip) Oct 14, 2021
SQL Injection and Cross-site Scripting in class-validator Critical
CVE-2019-18413 was published for class-validator (npm) Oct 12, 2021
Unsafe defaults in `remark-html` Critical
CVE-2021-39199 was published for remark-html (npm) Sep 7, 2021
matthieusieben
Credited to matthieusieben
Dolibarr Cross-site Scripting vulnerability Critical
CVE-2021-25955 was published for dolibarr/dolibarr (Composer) Aug 30, 2021
keycloak Self Stored Cross-site Scripting vulnerability Critical
CVE-2021-20195 was published for org.keycloak:keycloak-core (Maven) Jun 8, 2021
XSS vulnerability with translator Critical
CVE-2021-32671 was published for flarum/core (Composer) Jun 7, 2021
davwheat
Credited to davwheat
XSS Cross Site Scripting Critical
CVE-2021-29459 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Apr 22, 2021
Cross-site Scripting (XSS) in Eclipse Theia Critical
CVE-2020-27224 was published for @theia/preview (npm) Apr 13, 2021
XSS vulnerability leveraged through referrers could allow un-authorized admin access in Mautic Critical
CVE-2020-35124 was published for mautic/core (Composer) Jan 19, 2021
nvn1729
Credited to nvn1729
XSS in hello.js Critical
CVE-2020-7741 was published for hellojs (npm) Jan 13, 2021
Privilege Escalation in cordova-plugin-inappbrowser Critical
CVE-2019-0219 was published for cordova-plugin-inappbrowser (npm) Sep 4, 2020
Cross-Site Scripting in dompurify Critical
GHSA-mjjq-c88q-qhr6 was published for dompurify (npm) Sep 3, 2020
Cross-Site Scripting in swagger-ui Critical
GHSA-g336-c7wv-8hp3 was published for swagger-ui (npm) Sep 1, 2020
tdunlap607
Credited to tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database