GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,748
Erlang
35
GitHub Actions
29
Go
2,321
Maven
5,000+
npm
3,955
NuGet
712
pip
3,736
Pub
12
RubyGems
921
Rust
972
Swift
38
Unreviewed advisories
All unreviewed
5,000+
1,530 advisories
Authenticated end-user may set a specially crafted SNX bookmark that can make their browser run a...
Low
Unreviewed
CVE-2024-52887
was published
Apr 27, 2025
In JetBrains TeamCity before 2025.03.1 stored XSS was possible on Data Directory tab
Low
Unreviewed
CVE-2025-46618
was published
Apr 25, 2025
Insufficient sanitization in HCL Leap allows client-side script injection in the authoring...
Low
Unreviewed
CVE-2024-30114
was published
Apr 24, 2025
Duplicate Advisory: Contao allows an admin account to upload SVG file containing malicious JavaScript
Low
CVE-2024-45965
was published
for
contao/contao
(Composer)
Oct 2, 2024 • withdrawn
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a...
Low
Unreviewed
CVE-2024-42195
was published
Dec 5, 2024
OpenCMS Cross-Site Scripting vulnerability
Low
CVE-2024-42699
was published
for
org.opencms:opencms-core
(Maven)
Apr 21, 2025
An improper neutralization of input vulnerability was identified in the End of Life (EOL) OVA...
Low
Unreviewed
CVE-2025-3840
was published
Apr 21, 2025
SolarWinds Serv-U is vulnerable to a client-side cross-site scripting (XSS) vulnerability. The...
Low
Unreviewed
CVE-2024-45712
was published
Apr 15, 2025
concrete5 vulnerable to Cross-site Scripting
Low
CVE-2015-3989
was published
for
concrete5/concrete5
(Composer)
May 17, 2022
WEC Map (wec_map) extension for TYPO3 allows Cross-site Scripting
Low
CVE-2014-6296
was published
for
jbartels/wec-map
(Composer)
May 17, 2022
Cross-site scripting (XSS) vulnerability in the MDC Private Message plugin 1.0.0 for WordPress...
Low
Unreviewed
CVE-2015-6805
was published
May 17, 2022
Cross-site scripting (XSS) vulnerability in includes/options-profiles.php in the YouTube Embed...
Low
Unreviewed
CVE-2015-6535
was published
May 14, 2022
Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka...
Low
Unreviewed
CVE-2015-6810
was published
May 17, 2022
Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 allows remote authenticated...
Low
Unreviewed
CVE-2015-5622
was published
May 17, 2022
Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90...
Low
Unreviewed
CVE-2015-5150
was published
May 17, 2022
Multiple cross-site scripting (XSS) vulnerabilities in Test/WorkArea/workarea.aspx in Ektron...
Low
Unreviewed
CVE-2015-4427
was published
May 14, 2022
Cross-site scripting (XSS) vulnerability in the basic dashboard in Thycotic Secret Server 8.6.x,...
Low
Unreviewed
CVE-2015-3443
was published
May 14, 2022
Cross-site scripting (XSS) vulnerability in shared/shortcodes/inbound-shortcodes.php in the...
Low
Unreviewed
CVE-2015-4065
was published
May 17, 2022
Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36...
Low
Unreviewed
CVE-2015-3921
was published
May 17, 2022
Multiple cross-site scripting (XSS) vulnerabilities in Y-Cam camera models SD range YCB003,...
Low
Unreviewed
CVE-2014-1902
was published
May 17, 2022
Cross-site scripting (XSS) vulnerability in the BE User Log (beko_beuserlog) extension 1.1.1 and...
Low
Unreviewed
CVE-2015-4608
was published
May 17, 2022
Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin...
Low
Unreviewed
CVE-2015-4063
was published
May 17, 2022
Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in MyBB (aka...
Low
Unreviewed
CVE-2015-2149
was published
May 17, 2022
Cross-site scripting (XSS) vulnerability in admin.php in the Shareaholic plugin before 7.6.1.0...
Low
Unreviewed
CVE-2014-9311
was published
May 17, 2022