GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
284 advisories
A flaw was found in Red Hat Quay, where it has a persistent Cross-site Scripting (XSS)...
Critical | Unreviewed | CVE-2020-27832 was published May 24, 2022

Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which can lead to remote code...
Critical | Unreviewed | CVE-2022-28464 was published Apr 28, 2022

Cross site scripting in FacturaScripts
Critical | CVE-2022-1514 was published for facturascripts/facturascripts (Composer) Apr 29, 2022

Turtlapp Turtle Note v0.7.2.6 does not filter the <meta> tag during markdown parsing, allowing...
Critical | Unreviewed | CVE-2022-28101 was published Apr 29, 2022

AEM's Cloud Service offering, as well as versions 6.5.6.0 (and below), 6.4.8.2 (and below) and 6...
Critical | Unreviewed | CVE-2020-24445 was published May 24, 2022

Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Execution, via an overwolfstore...
Critical | Unreviewed | CVE-2021-33501 was published May 24, 2022

Joplin is vulnerable to arbitrary code execution
Critical | CVE-2022-35131 was published for joplin (npm) Jul 26, 2022

Cross Site Scripting (XSS) vulnerability in Things Board 3.4.1 allows remote attackers to...
Critical | Unreviewed | CVE-2022-40004 was published Dec 16, 2022

LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a...
Critical | Unreviewed | CVE-2021-3693 was published May 24, 2022

LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a...
Critical | Unreviewed | CVE-2021-3694 was published May 24, 2022

This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to...
Critical | Unreviewed | CVE-2021-35222 was published May 24, 2022

On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a reflected cross...
Critical | Unreviewed | CVE-2021-23037 was published May 24, 2022

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, 13.1.x before...
Critical | Unreviewed | CVE-2021-23038 was published May 24, 2022

keycloak Self Stored Cross-site Scripting vulnerability
Critical | CVE-2021-20195 was published for org.keycloak:keycloak-core (Maven) Jun 8, 2021

Cross site scripting (XSS) vulnerability in application/controllers/AdminController.php in...
Critical | Unreviewed | CVE-2020-23719 was published May 24, 2022

Cross Site Scripting (XSS) vulnerability in infusions/member_poll_panel/poll_admin.php in PHP...
Critical | Unreviewed | CVE-2020-23754 was published May 24, 2022

Cross site scripting (XSS) vulnerability in xujinliang zibbs 1.0, allows attackers to execute...
Critical | Unreviewed | CVE-2020-23718 was published May 24, 2022

Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1, allows attackers to execute...
Critical | Unreviewed | CVE-2020-20982 was published May 24, 2022

The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the "File Thumbnail"...
Critical | Unreviewed | CVE-2021-24693 was published May 24, 2022

In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names...
Critical | Unreviewed | CVE-2021-43523 was published May 24, 2022

The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress...
Critical | Unreviewed | CVE-2021-43047 was published May 24, 2022

The Jetpack Scan team identified a Reflected Cross-Site Scripting via the...
Critical | Unreviewed | CVE-2021-24229 was published May 24, 2022

Valine code injection vulnerability
Critical | CVE-2022-38545 was published for valine (npm) Sep 20, 2022

The Web Server component of TIBCO Software Inc.'s TIBCO EBX contains an easily exploitable...
Critical | Unreviewed | CVE-2022-30577 was published Sep 22, 2022

A cross-site scripting (xss) vulnerability exists in the videoAddNew functionality of WWBN AVideo...
Critical | Unreviewed | CVE-2022-28712 was published Aug 23, 2022