GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,126
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,021
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+

361 advisories

Argo CD's external URLs for Deployments can include JavaScript
Critical | CVE-2022-31035 was published for github.com/argoproj/argo-cd (Go) on Jun 21, 2022

Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client...
Critical | Unreviewed | CVE-2022-29095 was published on Jun 11, 2022

In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability....
Critical | Unreviewed | CVE-2022-32271 was published on Jun 4, 2022

Cross-site Scripting vulnerability in Mautic's tracking pixel functionality
Critical | CVE-2022-25772 was published for mautic/core (Composer) on May 25, 2022

AEM's Cloud Service offering, as well as versions 6.5.6.0 (and below), 6.4.8.2 (and below) and 6...
Critical | Unreviewed | CVE-2020-24445 was published on May 24, 2022

Mautic stored Cross-site Scripting (XSS)
Critical | CVE-2020-35129 was published for mautic/core (Composer) on May 24, 2022

The Jetpack Scan team identified a Reflected Cross-Site Scripting via the...
Critical | Unreviewed | CVE-2021-24229 was published on May 24, 2022

The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress...
Critical | Unreviewed | CVE-2021-43047 was published on May 24, 2022

In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names...
Critical | Unreviewed | CVE-2021-43523 was published on May 24, 2022

The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the "File Thumbnail"...
Critical | Unreviewed | CVE-2021-24693 was published on May 24, 2022

Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1, allows attackers to execute...
Critical | Unreviewed | CVE-2020-20982 was published on May 24, 2022

Cross site scripting (XSS) vulnerability in xujinliang zibbs 1.0, allows attackers to execute...
Critical | Unreviewed | CVE-2020-23718 was published on May 24, 2022

Cross Site Scripting (XSS) vulnerability in infusions/member_poll_panel/poll_admin.php in PHP...
Critical | Unreviewed | CVE-2020-23754 was published on May 24, 2022

Cross site scripting (XSS) vulnerability in application/controllers/AdminController.php in...
Critical | Unreviewed | CVE-2020-23719 was published on May 24, 2022

The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags...
Critical | Unreviewed | CVE-2021-24884 was published on May 24, 2022

On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a reflected cross...
Critical | Unreviewed | CVE-2021-23037 was published on May 24, 2022

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, 13.1.x before...
Critical | Unreviewed | CVE-2021-23038 was published on May 24, 2022

This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to...
Critical | Unreviewed | CVE-2021-35222 was published on May 24, 2022

LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a...
Critical | Unreviewed | CVE-2021-3694 was published on May 24, 2022

LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a...
Critical | Unreviewed | CVE-2021-3693 was published on May 24, 2022

Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Execution, via an overwolfstore...
Critical | Unreviewed | CVE-2021-33501 was published on May 24, 2022

A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an...
Critical | Unreviewed | CVE-2021-3529 was published on May 24, 2022

A flaw was found in Red Hat Quay, where it has a persistent Cross-site Scripting (XSS)...
Critical | Unreviewed | CVE-2020-27832 was published on May 24, 2022

Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command...
Critical | Unreviewed | CVE-2021-31761 was published on May 24, 2022

An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness...
Critical | Unreviewed | CVE-2021-0268 was published on May 24, 2022

Advisories are also available from the GraphQL API.