Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,154
NuGet
736
pip
3,953
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

3,890 advisories

Loading
XSS in Mapfish Print relating to JSONP support Low
CVE-2020-15231 was published for org.mapfish.print:print-lib (Maven) Jul 7, 2020
Cross-site Scripting in October Low
CVE-2020-4061 was published for october/backend (Composer) Jul 2, 2020
tomaszstrojny
Cross site scripting in Angular Moderate
CVE-2020-7676 was published for angular (npm) Jun 18, 2020
tdunlap607
Cross-site Scripting in Sanitize High
CVE-2020-4054 was published for sanitize (RubyGems) Jun 16, 2020
Cross-site Scripting in dijit editor's LinkDialog plugin Low
CVE-2020-4051 was published for dijit (npm) Jun 15, 2020
Alexxino MikeAnas
Reflected Cross-Site Scripting in Apache CXF Moderate
CVE-2019-17573 was published for org.apache.cxf:apache-cxf (Maven) Jun 10, 2020
The filename of uploaded files vulnerable to stored XSS High
CVE-2020-4041 was published for bolt/bolt (Composer) Jun 9, 2020
staz0t
Reflected XSS in GraphQL Playground High
CVE-2020-4038 was published for graphql-playground-html (npm) Jun 9, 2020
XSS in Django Moderate
CVE-2020-13596 was published for Django (pip) Jun 5, 2020
tdunlap607
Reflected XSS when importing CSV in OctoberCMS Moderate
CVE-2020-5298 was published for october/backend (Composer) Jun 3, 2020
staz0t
Cross-Site Scripting in Kaminari Moderate
CVE-2020-11082 was published for kaminari (RubyGems) May 28, 2020
viseztrance sonalkr132
Apache ActiveMQ webconsole admin GUI is open to XSS Moderate
CVE-2020-1941 was published for org.apache.activemq:activemq-web-console (Maven) May 21, 2020
sunSUNQ
XSS in Dolibarr Moderate
CVE-2020-13094 was published for dolibarr/dolibarr (Composer) May 21, 2020
Cross-Site Scripting in jquery Moderate
CVE-2020-7656 was published for jQuery (RubyGems) May 20, 2020
klaudialax eoftedal
Cross-Site Scripting in TYPO3 CMS Link Handling Moderate
CVE-2020-11065 was published for typo3/cms (Composer) May 13, 2020
josefglatz ohader
Cross-Site Scripting in TYPO3 CMS Form Engine Moderate
CVE-2020-11064 was published for typo3/cms (Composer) May 13, 2020
liayn Weissheiten
Cross-Site Scripting in SVG Sanitizer Moderate
CVE-2020-11070 was published for t3g/svg-sanitizer (Composer) May 13, 2020
NeoBlack
XSS in TinyMCE Moderate
CVE-2019-1010091 was published for tinymce (npm) May 11, 2020
Cross-Site Scripting in BookStack Moderate
CVE-2020-11055 was published for ssddanbrown/bookstack (Composer) May 7, 2020
XSS in Apache Airflow Moderate
CVE-2019-12398 was published for apache-airflow (pip) May 6, 2020
Potential XSS vulnerability in jQuery Moderate
CVE-2020-11023 was published for components/jquery (RubyGems) Apr 29, 2020
masatokinugawa klaudialax
Rudloff
Potential XSS vulnerability in jQuery Moderate
CVE-2020-11022 was published for athlon1600/youtube-downloader (RubyGems) Apr 29, 2020
masatokinugawa Churro
Rudloff
XSS in python-markdown2 Moderate
CVE-2020-11888 was published for markdown2 (pip) Apr 22, 2020
schinckel
Cross-Site Scripting in sanitize-html Moderate
CVE-2016-1000237 was published for sanitize-html (npm) Apr 16, 2020
XSS in Keycloak Moderate
CVE-2020-1697 was published for org.keycloak:keycloak-core (Maven) Apr 15, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database