GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,890 advisories

XSS injection in the Grid component of Sylius Moderate
CVE-2019-12186 was published for sylius/grid (Composer) Apr 15, 2020
Possible XSS attack in Wagtail Moderate
CVE-2020-11001 was published for wagtail (pip) Apr 14, 2020
Persistent Cross-Site scripting in Nexus Repository Manager Moderate
CVE-2020-10203 was published for org.sonatype.nexus:nexus-core (Maven) Apr 14, 2020
Cross-Site Scripting in seeftl High
CVE-2019-15603 was published for seeftl (npm) Apr 1, 2020
Cross-Site Scripting in fileview High
CVE-2019-15602 was published for fileview (npm) Apr 1, 2020
XSS in MITREid Connect Moderate
CVE-2020-5497 was published for org.mitre:openid-connect-server (Maven) Apr 1, 2020
XSS in knockout Moderate
CVE-2019-14862 was published for knockout (npm) Apr 1, 2020
Bleach vulnerable to mutation XSS via whitelisted math or svg and raw tag Moderate
CVE-2020-6816 was published for bleach (pip) Mar 24, 2020
Cross-site scripting in PHPMailer Moderate
CVE-2017-11503 was published for phpmailer/phpmailer (Composer) Mar 5, 2020
Sanitizer bypass in svg-sanitizer Moderate
CVE-2019-10772 was published for enshrined/svg-sanitize (Composer) Feb 27, 2020
XSS in Bleach when noscript and raw tag whitelisted Moderate
CVE-2020-6802 was published for bleach (pip) Feb 24, 2020
Reflected XSS in SilverStripe Moderate
CVE-2019-19325 was published for silverstripe/framework (Composer) Feb 24, 2020
AngularJS Cross-site Scripting due to failure to sanitize `xlink.href` attributes Moderate
CVE-2019-14863 was published for angular (npm) Feb 14, 2020
XSS in dojox due to insufficient escape in dojox.xmpp.util.xmlEncode Moderate
CVE-2019-10785 was published for dojox (npm) Feb 13, 2020
JLLeitschuh
auth0-lock vulnerable to XSS via unsanitized placeholder property Moderate
CVE-2019-20174 was published for auth0-lock (npm) Jan 31, 2020
Cross-site scripting vulnerability in TinyMCE High
CVE-2020-17480 was published for tinymce (npm) Jan 30, 2020
Cross-Site Scripting in node-red Moderate
CVE-2019-15607 was published for node-red (npm) Jan 30, 2020
XSS in Dolibarr ERP & CRM Moderate
CVE-2020-7996 was published for dolibarr/dolibarr (Composer) Jan 28, 2020
Default development error handler in Ratpack is vulnerable to HTML content injection (XSS) Moderate
CVE-2019-10770 was published for io.ratpack:ratpack-core (Maven) Jan 27, 2020
JLLeitschuh
Cross-site scripting in SimpleSAMLphp Low
CVE-2020-5226 was published for simplesamlphp/simplesamlphp (Composer) Jan 24, 2020
RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application High
CVE-2020-5398 was published for org.springframework:spring-webflux (Maven) Jan 21, 2020
briandealwis sunSUNQ
Persistent XSS vulnerability in filename of attached file in PrivateBin Moderate
CVE-2020-5223 was published for privatebin/privatebin (Composer) Jan 14, 2020
Stored XSS in Apache Atlas Moderate
CVE-2019-10070 was published for org.apache.atlas:apache-atlas (Maven) Jan 8, 2020
XSS in enshrined/svg-sanitize due to mishandled script and data values in attributes High
CVE-2019-18857 was published for enshrined/svg-sanitize (Composer) Jan 8, 2020
ohader
The SafeHtml annotation in Hibernate-Validator does not properly guard against XSS attacks Moderate
CVE-2019-10219 was published for org.hibernate.validator:hibernate-validator (Maven) Jan 8, 2020
SunBK201 poc-effectiveness