GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
332 advisories
Cross-site Scripting in com.erudika:para-core
Critical. CVE-2022-1782 was published for com.erudika:para-core (Maven) on May 19, 2022.

Django Allows Redirect via Data URL
Critical. CVE-2012-3442 was published for django (pip) on May 17, 2022.

Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are...
Critical (Unreviewed). CVE-2018-18864 was published on May 14, 2022.

Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this...
Critical (Unreviewed). CVE-2019-7551 was published on May 13, 2022.

An issue was discovered in LAOBANCMS 2.0. It allows a /install/mysql_hy.php?riqi=0&i=0 attack to...
Critical (Unreviewed). CVE-2018-19222 was published on May 13, 2022.

A Cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An...
Critical (Unreviewed). CVE-2018-10369 was published on May 13, 2022.

Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery...
Critical (Unreviewed). CVE-2016-9470 was published on May 13, 2022.

Nuclide Improper Input Validation
Critical. CVE-2018-6333 was published for nuclide (npm) on May 13, 2022.

IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while registering...
Critical (Unreviewed). CVE-2019-3709 was published on May 13, 2022.

IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while uploading an...
Critical (Unreviewed). CVE-2019-3708 was published on May 13, 2022.

Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the...
Critical (Unreviewed). CVE-2017-8898 was published on May 13, 2022.

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries...
Critical (Unreviewed). CVE-2018-9079 was published on May 13, 2022.

Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18...
Critical (Unreviewed). CVE-2022-1575 was published on May 6, 2022.

Turtlapp Turtle Note v0.7.2.6 does not filter the <meta> tag during markdown parsing, allowing...
Critical (Unreviewed). CVE-2022-28101 was published on Apr 29, 2022.

Cross site scripting in FacturaScripts
Critical. CVE-2022-1514 was published for facturascripts/facturascripts (Composer) on Apr 29, 2022.

Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which can lead to remote code...
Critical (Unreviewed). CVE-2022-28464 was published on Apr 28, 2022.

Cross site scripting in facturascripts
Critical. CVE-2022-1457 was published for neorazorx/facturascripts (Composer) on Apr 26, 2022.

A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes Functionality of...
Critical (Unreviewed). CVE-2021-42136 was published on Apr 14, 2022.

Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows...
Critical (Unreviewed). CVE-2022-1346 was published on Apr 14, 2022.

Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to...
Critical (Unreviewed). CVE-2022-1344 was published on Apr 14, 2022.

A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs...
Critical (Unreviewed). CVE-2021-32157 was published on Apr 12, 2022.

Remote code injection in dompdf/dompdf
Critical. CVE-2022-28368 was published for dompdf/dompdf (Composer) on Apr 4, 2022.

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Critical (Unreviewed). CVE-2022-25620 was published on Mar 31, 2022.

Arbitrary code execution in post-loader
Critical. CVE-2022-0748 was published for post-loader (npm) on Mar 18, 2022.

Cross-site Scripting in showdoc/showdoc
Critical. CVE-2022-0960 was published for showdoc/showdoc (Composer) on Mar 15, 2022.
ProTip! Advisories are also available from the GraphQL API.