GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,682 advisories

GraphiQL introspection schema template injection attack High
CVE-2021-41248 was published for graphiql (npm) Nov 8, 2021
Ry0taK
Clipboard-based XSS High
CVE-2021-41086 was published for jsuites (npm) Sep 22, 2021
intrigus-lgtm bananabr
erik-krogh
Stored XSS vulnerability on Bounce Management Callback High
CVE-2021-27910 was published for mautic/core (Composer) Sep 1, 2021
tdunlap607
XSS vulnerability on contacts view High
CVE-2021-27911 was published for mautic/core (Composer) Sep 1, 2021
MatisAct rohitp19
XSS vulnerability on asset view High
CVE-2021-27912 was published for mautic/core (Composer) Sep 1, 2021
MatisAct rohitp19
XSS in Image Optimization API for Next.js High
CVE-2021-39178 was published for next (npm) Sep 1, 2021
tdunlap607
Improper Neutralization of Text-Values in Object Version Preview High
CVE-2021-39166 was published for pimcore/pimcore (Composer) Sep 1, 2021
Improper Encoding or Escaping of Output in Asset Metadata Component High
CVE-2021-39170 was published for pimcore/pimcore (Composer) Sep 1, 2021
Cross-site scripting vulnerability in file upload High
CVE-2021-39136 was published for baserproject/basercms (Composer) Aug 30, 2021
XSS in mdBook High
CVE-2020-26297 was published for mdBook (Rust) Aug 25, 2021
vavkamil
Cross-Site Scripting via SVG media files High
CVE-2021-37710 was published for shopware/core (Composer) Aug 23, 2021
Fake objects feature vulnerability allowing to execute JavaScript code using malformed HTML. High
CVE-2021-37695 was published for ckeditor4 (npm) Aug 23, 2021
Widget feature vulnerability allowing to execute JavaScript code using undo functionality High
CVE-2021-32808 was published for ckeditor4 (npm) Aug 23, 2021
Special Element Injection in notebook High
CVE-2021-32798 was published for notebook (pip) Aug 23, 2021
0xDeva
Cross-site scripting High
CVE-2021-21422 was published for mongo-express (npm) Jun 28, 2021
JafarAkhondali
Reflected XSS from the callback handler's error query parameter High
CVE-2021-32702 was published for @auth0/nextjs-auth0 (npm) Jun 28, 2021
inian git-ishanpatel
Cross-Site Scripting High
CVE-2021-20293 was published for org.jboss.resteasy:resteasy-bom (Maven) Jun 15, 2021
Duplicate Advisory: Reflected cross-site scripting issue in Datasette High
GHSA-gff3-739c-gxfq was published for datasette (pip) Jun 10, 2021 withdrawn
Reflected XSS when using flashMessages or languageDictionary High
CVE-2021-32641 was published for auth0-lock (npm) Jun 4, 2021
Rancher Vulnerable to Cross-site Request Forgery (CSRF) High
CVE-2019-13209 was published for github.com/rancher/rancher (Go) May 18, 2021
Insecure template handling in haml-coffee High
CVE-2021-32818 was published for haml-coffee (npm) May 17, 2021
Code injection in keycloak High
CVE-2021-20222 was published for org.keycloak:keycloak-parent (Maven) May 13, 2021
Injection and Cross-site Scripting in osm-static-maps High
CVE-2020-7749 was published for osm-static-maps (npm) May 10, 2021
Options structure open to Cross-site Scripting if passed unfiltered High
CVE-2021-29489 was published for highcharts (npm) May 6, 2021
Cross-site scripting (XSS) from unsanitized uploaded SVG files in Kirby High
CVE-2021-29460 was published for getkirby/cms (Composer) Apr 30, 2021
sreenathr10