Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

361 advisories

Loading
The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in... Critical Unreviewed
CVE-2019-13478 was published May 24, 2022
It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would... Critical Unreviewed
CVE-2019-3873 was published May 24, 2022
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG... Critical Unreviewed
CVE-2019-3929 was published May 24, 2022
Publify vulnerable to cross site scripting Critical
CVE-2022-1811 was published for publify_core (RubyGems) May 24, 2022
Cross-site Scripting in com.erudika:para-core Critical
CVE-2022-1782 was published for com.erudika:para-core (Maven) May 19, 2022
Django Allows Redirect via Data URL Critical
CVE-2012-3442 was published for django (pip) May 17, 2022
Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are... Critical Unreviewed
CVE-2018-18864 was published May 14, 2022
Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this... Critical Unreviewed
CVE-2019-7551 was published May 13, 2022
An issue was discovered in LAOBANCMS 2.0. It allows a /install/mysql_hy.php?riqi=0&i=0 attack to... Critical Unreviewed
CVE-2018-19222 was published May 13, 2022
A Cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An... Critical Unreviewed
CVE-2018-10369 was published May 13, 2022
Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File Download. `www/delivery... Critical Unreviewed
CVE-2016-9470 was published May 13, 2022
Nuclide Improper Input Validation Critical
CVE-2018-6333 was published for nuclide (npm) May 13, 2022
IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while registering... Critical Unreviewed
CVE-2019-3709 was published May 13, 2022
IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while uploading an... Critical Unreviewed
CVE-2019-3708 was published May 13, 2022
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the... Critical Unreviewed
CVE-2017-8898 was published May 13, 2022
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries... Critical Unreviewed
CVE-2018-9079 was published May 13, 2022
Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18... Critical Unreviewed
CVE-2022-1575 was published May 6, 2022
Turtlapp Turtle Note v0.7.2.6 does not filter the <meta> tag during markdown parsing, allowing... Critical Unreviewed
CVE-2022-28101 was published Apr 29, 2022
Cross site scripting in FacturaScripts Critical
CVE-2022-1514 was published for facturascripts/facturascripts (Composer) Apr 29, 2022
Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which can lead to remote code... Critical Unreviewed
CVE-2022-28464 was published Apr 28, 2022
Cross site scripting in facturascripts Critical
CVE-2022-1457 was published for neorazorx/facturascripts (Composer) Apr 26, 2022
A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes Functionality of... Critical Unreviewed
CVE-2021-42136 was published Apr 14, 2022
Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to... Critical Unreviewed
CVE-2022-1344 was published Apr 14, 2022
Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows... Critical Unreviewed
CVE-2022-1346 was published Apr 14, 2022
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs... Critical Unreviewed
CVE-2021-32157 was published Apr 12, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database