GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
332 advisories

components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound <= 4.0.1 allows remote...
Critical | Unreviewed | CVE-2021-3210 was published May 24, 2022

Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back...
Critical | Unreviewed | CVE-2020-13409 was published May 24, 2022

Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back...
Critical | Unreviewed | CVE-2020-13407 was published May 24, 2022

Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back...
Critical | Unreviewed | CVE-2020-13408 was published May 24, 2022

Mautic stored Cross-site Scripting (XSS)
Critical | CVE-2020-35128 was published for mautic/core (Composer) May 24, 2022

zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution (because...
Critical | Unreviewed | CVE-2020-35717 was published May 24, 2022

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an authenticated low...
Critical | Unreviewed | CVE-2020-12517 was published May 24, 2022

On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12...
Critical | Unreviewed | CVE-2020-5948 was published May 24, 2022

Notable 1.8.4 allows XSS via crafted Markdown text, with resultant remote code execution (because...
Critical | Unreviewed | CVE-2020-16608 was published May 24, 2022

An XSS issue was found in the Shares feature of LiquidFiles before 3.3.19. The issue arises from...
Critical | Unreviewed | CVE-2020-29071 was published May 24, 2022

Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges...
Critical | Unreviewed | CVE-2020-15952 was published May 24, 2022

A cross-site scripting (XSS) vulnerability in AntSword v2.0.7 can remotely execute system commands.
Critical | Unreviewed | CVE-2020-18766 was published May 24, 2022

Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this...
Critical | Unreviewed | CVE-2020-27176 was published May 24, 2022

** UNSUPPORTED WHEN ASSIGNED ** Leostream Connection Broker 8.2.x is affected by stored XSS. An...
Critical | Unreviewed | CVE-2020-26574 was published May 24, 2022

Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before 2020.2.1...
Critical | Unreviewed | CVE-2020-13169 was published May 24, 2022

Magento DOM-based Cross-site scripting vulnerability
Critical | CVE-2020-9691 was published for magento/community-edition (Composer) May 24, 2022

Dolibarr Cross-site Scripting via the qty parameter in product/fournisseurs.php
Critical | CVE-2019-19212 was published for dolibarr/dolibarr (Composer) May 24, 2022

A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). The...
Critical | Unreviewed | CVE-2019-13923 was published May 24, 2022

Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway ...
Critical | Unreviewed | CVE-2019-3638 was published May 24, 2022

A remote bypass of security restrictions vulnerability was discovered in HPE 3PAR Service...
Critical | Unreviewed | CVE-2019-5397 was published May 24, 2022

The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in...
Critical | Unreviewed | CVE-2019-13478 was published May 24, 2022

It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would...
Critical | Unreviewed | CVE-2019-3873 was published May 24, 2022

The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG...
Critical | Unreviewed | CVE-2019-3929 was published May 24, 2022

Publify vulnerable to cross site scripting
Critical | CVE-2022-1811 was published for publify_core (RubyGems) May 24, 2022