Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,154
NuGet
736
pip
3,953
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

3,890 advisories

Loading
Cross-Site Scripting in serialize-to-js Low
CVE-2019-16772 was published for serialize-to-js (npm) Dec 6, 2019
Cross-Site Scripting in serialize-javascript Moderate
CVE-2019-16769 was published for serialize-javascript (npm) Dec 5, 2019
Cross-Site Scripting in iobroker.web Moderate
CVE-2019-10771 was published for iobroker.web (npm) Dec 2, 2019
Unescaped exception messages in error responses in Jetty Moderate
CVE-2019-17632 was published for org.eclipse.jetty:jetty-server (Maven) Dec 2, 2019
Invalid HTTP method overrides allow possible XSS or other attacks in Symfony Critical
CVE-2019-10913 was published for symfony/http-foundation (Composer) Dec 2, 2019
Pannellum Cross-Site Scripting due to data not being sanitized for URIs or vbscript Moderate
CVE-2019-16763 was published for pannellum (npm) Nov 22, 2019
max-schaefer
Cross-Site Scripting in vant High
GHSA-9xr8-8hmc-389f was published for vant (npm) Nov 22, 2019
Apache Airflow vulnerable to XSS and local file disclosure Moderate
CVE-2019-12417 was published for airflow (pip) Nov 22, 2019
sunSUNQ
Stored Cross-Site Scripting vulnerability in admin component of DotNetNuke Moderate
CVE-2019-12562 was published for DotNetNuke.Core (NuGet) Nov 18, 2019
Symfony Cross-site Scripting (XSS) vulnerability Moderate
CVE-2019-10909 was published for drupal/core (Composer) Nov 12, 2019
Composer JavaScript injection possible via html comments Moderate
CVE-2019-8233 was published for magento/community-edition (Composer) Nov 12, 2019
Magento Cross-Site Scripting via Attribute Set Name Moderate
CVE-2019-8145 was published for magento/community-edition (Composer) Nov 12, 2019
XSS issues in the management interface Moderate
CVE-2019-13236 was published for org.opencms:opencms-core (Maven) Nov 12, 2019
XSS in login form Moderate
CVE-2019-13235 was published for org.opencms:opencms-core (Maven) Nov 12, 2019
XSS in search engine Moderate
CVE-2019-13234 was published for org.opencms:opencms-core (Maven) Nov 12, 2019
Cross-site Scripting in Grav Moderate
CVE-2019-16126 was published for getgrav/grav (Composer) Nov 8, 2019
Cross-site scripting in Dolibarr Moderate
CVE-2019-16197 was published for dolibarr/dolibarr (Composer) Nov 8, 2019
Cross-site scripting in Jupyter Notebook Moderate
CVE-2018-21030 was published for notebook (pip) Nov 8, 2019
Cross-site Scripting in Bolt Moderate
CVE-2019-15485 was published for bolt/bolt (Composer) Nov 8, 2019
Loofah Allows Cross-site Scripting Moderate
CVE-2019-15587 was published for loofah (RubyGems) Nov 5, 2019
tdunlap607
Cross-site Scripting in node-red-dashboard Moderate
CVE-2019-10756 was published for node-red-dashboard (npm) Oct 25, 2019
Haml vulnerable to cross-site scripting Moderate
CVE-2017-1002201 was published for haml (RubyGems) Oct 21, 2019
Cross-site scripting in Swagger-UI Critical
CVE-2019-17495 was published for io.springfox:springfox-swagger-ui (Maven) Oct 15, 2019
mustafanaa
Cross-site Scripting in YII2-CMS Moderate
CVE-2019-16130 was published for yii2mod/yii2-cms (Composer) Oct 14, 2019
Cross-site scripting in Apache JSPWiki Moderate
CVE-2019-12404 was published for org.apache.jspwiki:jspwiki-war (Maven) Oct 11, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database