GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
367 advisories
calibre-web is vulnerable to Cross-site Scripting
Moderate. CVE-2021-4170 was published for calibreweb (pip), Jan 21, 2022

Cross-site Scripting in Ericsson CodeChecker
Moderate. CVE-2021-44217 was published for codechecker (pip), Jan 21, 2022

OTF-001: Improper Input Sanitation: The path parameter of the requested URL is not sanitized before being passed to the QT frontend
Moderate. CVE-2022-21690 was published for onionshare-cli (pip), Jan 21, 2022

Cross-site Scripting in django-cms
Moderate. CVE-2021-44649 was published for django-cms (pip), Jan 13, 2022

lxml's HTML Cleaner allows crafted and SVG embedded scripts to pass through
Moderate. CVE-2021-43818 was published for lxml (pip), Dec 13, 2021

Cross-site Scripting in python-cjson
Moderate. CVE-2009-4924 was published for python-cjson (pip), Dec 6, 2021

django-helpdesk is vulnerable to Cross-site Scripting
High. CVE-2021-3994 was published for django-helpdesk (pip), Dec 3, 2021

Cross-site Scripting in django-wiki
Moderate. CVE-2021-25986 was published for wiki (pip), Dec 2, 2021

Cross-site Scripting in django-helpdesk
High. CVE-2021-3950 was published for django-helpdesk (pip), Nov 23, 2021

Cross-site Scripting in django-helpdesk
High. CVE-2021-3945 was published for django-helpdesk (pip), Nov 15, 2021

Cross-site scripting vulnerability in TinyMCE plugins
Moderate. CVE-2024-21910 was published for TinyMCE (Composer), Nov 2, 2021

Inconsistent input sanitisation leads to XSS vectors
Critical. CVE-2021-41132 was published for omero-figure (pip), Oct 14, 2021

Cross-site scripting in Unicorn framework
Moderate. CVE-2021-42053 was published for django-unicorn (pip), Oct 12, 2021

Cross-site Scripting in django-unicorn
Moderate. CVE-2021-42134 was published for django-unicorn (pip), Oct 12, 2021

Cross Site Scripting (XSS) in Simiki
Moderate. CVE-2020-19000 was published for simiki (pip), Sep 1, 2021

Cross Site Scripting (XSS) in Quokka
Moderate. CVE-2020-18702 was published for quokka (pip), Aug 30, 2021

Special Element Injection in notebook
High. CVE-2021-32798 was published for notebook (pip), Aug 23, 2021

JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form>
Moderate. CVE-2021-32797 was published for jupyterlab (pip), Aug 23, 2021

Cross-site scripting in Products.CMFCore, Products.PluggableAuthService, Plone
Moderate. CVE-2021-33507 was published for Plone (pip), Jun 18, 2021

Cross-site Scripting in Apache Airflow
Moderate. CVE-2021-28359 was published for apache-airflow (pip), Jun 18, 2021

Cross-site scripting in LocalStack
Moderate. CVE-2021-32091 was published for localstack (pip), Jun 18, 2021
ProTip! Advisories are also available from the GraphQL API.