GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,126
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,021
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
486 advisories

Stored Cross-site Scripting vulnerability in Jenkins Environment Dashboard Plugin
High • CVE-2022-27213 was published for io.jenkins.plugins:environment-dashboard (Maven) • Mar 16, 2022

Cross-site Scripting in microweber
High • CVE-2022-0930 was published for microweber/microweber (Composer) • Mar 13, 2022

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in view_component
High • CVE-2022-24722 was published for view_component (RubyGems) • Mar 2, 2022

Cross site scripting in @awsui/components-react
High • CVE-2022-24709 was published for @awsui/components-react (npm) • Feb 25, 2022

Cross-site Scripting in Microweber
High • CVE-2022-0719 was published for microweber/microweber (Composer) • Feb 24, 2022

Cross-site Scripting in microweber
High • CVE-2022-0690 was published for microweber/microweber (Composer) • Feb 20, 2022

Stored Cross-site Scripting vulnerability in Jenkins Custom Checkbox Parameter Plugin
High • CVE-2022-25189 was published for io.jenkins.plugins:custom-checkbox-parameter (Maven) • Feb 16, 2022

Stored Cross-site Scripting vulnerability in Jenkins Agent Server Parameter Plugin
High • CVE-2022-25191 was published for io.jenkins.plugins:agent-server-parameter (Maven) • Feb 16, 2022

Cross site scripting in registration template in xwiki-platform
High • CVE-2022-23622 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) • Feb 9, 2022

Cross site scripting in three.js
High • CVE-2022-0177 was published for three (npm) • Jan 27, 2022 • withdrawn

Cross-site Scripting in HTML2PDF
High • CVE-2021-45394 was published for spipu/html2pdf (Composer) • Jan 21, 2022

Code Injection in microweber
High • CVE-2022-0282 was published for microweber/microweber (Composer) • Jan 21, 2022

Reflected cross-site scripting (XSS) vulnerability
High • CVE-2022-0087 was published for @keystone-6/auth (npm) • Jan 12, 2022

Sandbox bypass in Latte templates
High • CVE-2022-21648 was published for latte/latte (Composer) • Jan 6, 2022

Incorrect sanitisation function leads to `XSS` in mermaid
High • CVE-2021-43861 was published for mermaid (npm) • Jan 6, 2022

AjaxNetProfessional deserializes arbitrary JavaScript objects
High • CVE-2021-43853 was published for AjaxNetProfessional (NuGet) • Jan 6, 2022

Unsafe inline XSS in pasting DOM element into chat
High • CVE-2021-39183 was published for github.com/owncast/owncast (Go) • Dec 14, 2021

django-helpdesk is vulnerable to Cross-site Scripting
High • CVE-2021-3994 was published for django-helpdesk (pip) • Dec 3, 2021

kimai2 is vulnerable to Cross-site Scripting
High • CVE-2021-3985 was published for kevinpapst/kimai2 (Composer) • Dec 3, 2021

Cross-Site Scripting vulnerability in @backstage/plugin-auth-backend
High • CVE-2021-43776 was published for @backstage/plugin-auth-backend (npm) • Dec 1, 2021

Cross-Site Scripting Vulnerability in @joeattardi/emoji-button
High • CVE-2021-43785 was published for @joeattardi/emoji-button (npm) • Dec 1, 2021

Cross-site Scripting in snipe/snipe-it
High • CVE-2021-3961 was published for snipe/snipe-it (Composer) • Nov 23, 2021

Cross-site Scripting in django-helpdesk
High • CVE-2021-3950 was published for django-helpdesk (pip) • Nov 23, 2021

HTML comments vulnerability allowing to execute JavaScript code
High • CVE-2021-41165 was published for ckeditor/ckeditor (Composer) • Nov 17, 2021

ProTip! Advisories are also available from the GraphQL API.