GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,923 advisories

Sandbox bypass in Latte templates High
CVE-2022-21648 was published for latte/latte (Composer) Jan 6, 2022
Incorrect sanitisation function leads to `XSS` in mermaid High
CVE-2021-43861 was published for mermaid (npm) Jan 6, 2022
AjaxNetProfessional deserializes arbitrary JavaScript objects High
CVE-2021-43853 was published for AjaxNetProfessional (NuGet) Jan 6, 2022
jsk95 ashmind
Unsafe inline XSS in pasting DOM element into chat High
CVE-2021-39183 was published for github.com/owncast/owncast (Go) Dec 14, 2021
intrigus-lgtm
django-helpdesk is vulnerable to Cross-site Scripting High
CVE-2021-3994 was published for django-helpdesk (pip) Dec 3, 2021
kimai2 is vulnerable to Cross-site Scripting High
CVE-2021-3985 was published for kevinpapst/kimai2 (Composer) Dec 3, 2021
Cross-Site Scripting vulnerability in @backstage/plugin-auth-backend High
CVE-2021-43776 was published for @backstage/plugin-auth-backend (npm) Dec 1, 2021
Cross-Site Scripting Vulnerability in @joeattardi/emoji-button High
CVE-2021-43785 was published for @joeattardi/emoji-button (npm) Dec 1, 2021
erik-krogh agustingianni
Cross-site Scripting in snipe/snipe-it High
CVE-2021-3961 was published for snipe/snipe-it (Composer) Nov 23, 2021
Cross-site Scripting in django-helpdesk High
CVE-2021-3950 was published for django-helpdesk (pip) Nov 23, 2021
HTML comments vulnerability allowing to execute JavaScript code High
CVE-2021-41165 was published for ckeditor/ckeditor (Composer) Nov 17, 2021
leon-vg
Cross-site Scripting in django-helpdesk High
CVE-2021-3945 was published for django-helpdesk (pip) Nov 15, 2021
Cross-site Scripting Vulnerability in GraphQL Playground (distributed by Apollo Server) High
GHSA-qm7x-rc44-rrqw was published for apollo-server (npm) Nov 8, 2021
Ry0taK
XSS vulnerability in GraphQL Playground from untrusted schemas High
CVE-2021-41249 was published for graphql-playground-react (npm) Nov 8, 2021
Ry0taK
GraphiQL introspection schema template injection attack High
CVE-2021-41248 was published for graphiql (npm) Nov 8, 2021
Ry0taK
Clipboard-based XSS High
CVE-2021-41086 was published for jsuites (npm) Sep 22, 2021
intrigus-lgtm bananabr
erik-krogh
Stored XSS vulnerability on Bounce Management Callback High
CVE-2021-27910 was published for mautic/core (Composer) Sep 1, 2021
tdunlap607
XSS vulnerability on contacts view High
CVE-2021-27911 was published for mautic/core (Composer) Sep 1, 2021
MatisAct rohitp19
XSS vulnerability on asset view High
CVE-2021-27912 was published for mautic/core (Composer) Sep 1, 2021
MatisAct rohitp19
XSS in Image Optimization API for Next.js High
CVE-2021-39178 was published for next (npm) Sep 1, 2021
tdunlap607
Improper Neutralization of Text-Values in Object Version Preview High
CVE-2021-39166 was published for pimcore/pimcore (Composer) Sep 1, 2021
Improper Encoding or Escaping of Output in Asset Metadata Component High
CVE-2021-39170 was published for pimcore/pimcore (Composer) Sep 1, 2021
Cross-site scripting vulnerability in file upload High
CVE-2021-39136 was published for baserproject/basercms (Composer) Aug 30, 2021
ProTip! Advisories are also available from the GraphQL API