Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,748
Erlang
35
GitHub Actions
29
Go
2,321
Maven
5,000+
npm
3,955
NuGet
712
pip
3,736
Pub
12
RubyGems
921
Rust
972
Swift
38
Unreviewed advisories
All unreviewed
5,000+

332 advisories

Loading
Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1... Critical Unreviewed
CVE-2020-13169 was published May 24, 2022
Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges... Critical Unreviewed
CVE-2020-15952 was published May 24, 2022
Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway ... Critical Unreviewed
CVE-2019-3638 was published May 24, 2022
Dolibarr Cross-site Scripting vulnerability Critical
CVE-2021-25955 was published for dolibarr/dolibarr (Composer) Aug 30, 2021
A vulnerability was found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by... Critical Unreviewed
CVE-2022-4354 was published Dec 8, 2022
A reflected cross-site scripting (xss) vulnerability exists in the charts tab selection... Critical Unreviewed
CVE-2022-26842 was published Aug 23, 2022
Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to... Critical Unreviewed
CVE-2020-19586 was published Sep 15, 2022
The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags... Critical Unreviewed
CVE-2021-24884 was published May 24, 2022
Insufficient user input in Apache Jetspeed-2 Critical
CVE-2022-32533 was published for org.apache.portals.jetspeed-2:jetspeed-commons (Maven) Jul 7, 2022
Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an... Critical Unreviewed
CVE-2022-2140 was published Jun 28, 2022
ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin... Critical Unreviewed
CVE-2021-43702 was published Jul 6, 2022
Stored XSS and SQL injection vulnerability in MaxBoard could lead to occur Remote Code Execution,... Critical Unreviewed
CVE-2021-26636 was published Jun 24, 2022
An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness... Critical Unreviewed
CVE-2021-0268 was published May 24, 2022
Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client... Critical Unreviewed
CVE-2022-29095 was published Jun 11, 2022
SQL Injection and Cross-site Scripting in class-validator Critical
CVE-2019-18413 was published for class-validator (npm) Oct 12, 2021
In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability.... Critical Unreviewed
CVE-2022-32271 was published Jun 4, 2022
Privilege Escalation in cordova-plugin-inappbrowser Critical
CVE-2019-0219 was published for cordova-plugin-inappbrowser (npm) Sep 4, 2020
XWiki Platform Mentions UI vulnerable to Cross-site Scripting Critical
CVE-2022-36098 was published for org.xwiki.platform:xwiki-platform-mentions-ui (Maven) Sep 16, 2022
Cross site scripting in facturascripts Critical
CVE-2022-1457 was published for neorazorx/facturascripts (Composer) Apr 26, 2022
Cross-site Scripting in com.erudika:para-core Critical
CVE-2022-1782 was published for com.erudika:para-core (Maven) May 19, 2022
Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to... Critical Unreviewed
CVE-2022-1344 was published Apr 14, 2022
Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows... Critical Unreviewed
CVE-2022-1346 was published Apr 14, 2022
A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes Functionality of... Critical Unreviewed
CVE-2021-42136 was published Apr 14, 2022
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs... Critical Unreviewed
CVE-2021-32157 was published Apr 12, 2022
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Critical Unreviewed
CVE-2022-25620 was published Mar 31, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database