GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,890 advisories

XSS in HtmlSanitizer Low
CVE-2020-26293 was published for HtmlSanitizer (NuGet) Jan 4, 2021
XSS in Vega Low
CVE-2020-26296 was published for vega (npm) Dec 30, 2020
Cross-Site Scripting in Fluid view helpers Moderate
CVE-2020-26227 was published for typo3/cms (Composer) Dec 21, 2020
ohader
Cross-site Scripting in dompurify Moderate
CVE-2020-26870 was published for dompurify (npm) Dec 18, 2020
Cross-Site Scripting in Grav Moderate
GHSA-cvmr-6428-87w9 was published for getgrav/grav (Composer) Dec 10, 2020
ShrubberyRubbery
Denial of service attack via incorrect parameters in Matrix Synapse High
CVE-2020-26257 was published for matrix-synapse (pip) Dec 9, 2020
Remote Code Execution (RCE) Exploit on Cross Site Scripting (XSS) Vulnerability Moderate
CVE-2020-26249 was published for red-dashboard (pip) Dec 8, 2020
fixator10
Cross-Site Scripting bypass in html-purify High
GHSA-5p28-63mc-cgr9 was published for html-purify (npm) Dec 4, 2020
Stored XSS by authenticated backend user with access to upload files Low
CVE-2020-15249 was published for october/backend (Composer) Nov 23, 2020
Cross-Site Scripting through Fluid view helper arguments High
CVE-2020-26216 was published for typo3fluid/fluid (Composer) Nov 18, 2020
NamelessCoder jonaseberle
Reflected XSS with parameters in PostComment Moderate
CVE-2020-26225 was published for prestashop/productcomments (Composer) Nov 16, 2020
my3ker
Persistent XSS in newsletter module in Shopware Low
GHSA-hrfh-fp4x-crrq was published for shopware/shopware (Composer) Nov 13, 2020
Persistent XSS in shopping worlds Low
GHSA-28fw-88hq-6jmm was published for shopware/shopware (Composer) Nov 13, 2020
Persistent XSS in customer module in Shopware Low
GHSA-6gv9-7q4g-pmvm was published for shopware/shopware (Composer) Nov 13, 2020
malicious SVG attachment causing stored XSS vulnerability Moderate
CVE-2020-15275 was published for moin (pip) Nov 11, 2020
Cross-Site Scripting in scratch-svg-renderer High
CVE-2020-7750 was published for scratch-svg-renderer (npm) Nov 9, 2020
Edit feed settings and others, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0 Low
CVE-2020-15273 was published for baserproject/basercms (Composer) Nov 4, 2020
Aquilao
Blog comment posting, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0 Low
CVE-2020-15276 was published for baserproject/basercms (Composer) Oct 30, 2020
Cross-site Scripting in Strapi Moderate
CVE-2020-27666 was published for strapi-plugin-content-manager (npm) Oct 29, 2020
Ability to switch customer email address on account detail page and stay verified Moderate
CVE-2020-15245 was published for sylius/sylius (Composer) Oct 19, 2020
decemvre
Inline attribute values were not processed. High
CVE-2020-15263 was published for orchid/platform (Composer) Oct 19, 2020
Cross-site scripting (XSS) vulnerability in the fallback authentication endpoint Moderate
CVE-2020-26891 was published for matrix-synapse (pip) Oct 16, 2020
dkasak
Cross-site Scripting in Joplin Moderate
CVE-2020-9038 was published for joplin (npm) Oct 13, 2020
XSS vulnerability when listing users on add & modify server pages. Moderate
GHSA-5822-pw57-vv37 was published for pterodactyl/panel (Composer) Oct 8, 2020
sergejostir
Cross-Site Scripting in ternary conditional operator Moderate
CVE-2020-15241 was published for typo3/cms (Composer) Oct 8, 2020
billdagou NamelessCoder
ProTip! Advisories are also available from the GraphQL API