GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

486 advisories

Cross-site Scripting in django-helpdesk High
CVE-2021-3945 was published for django-helpdesk (pip) Nov 15, 2021
Cross-site Scripting Vulnerability in GraphQL Playground (distributed by Apollo Server) High
GHSA-qm7x-rc44-rrqw was published for apollo-server (npm) Nov 8, 2021
Ry0taK
XSS vulnerability in GraphQL Playground from untrusted schemas High
CVE-2021-41249 was published for graphql-playground-react (npm) Nov 8, 2021
Ry0taK
GraphiQL introspection schema template injection attack High
CVE-2021-41248 was published for graphiql (npm) Nov 8, 2021
Ry0taK
Clipboard-based XSS High
CVE-2021-41086 was published for jsuites (npm) Sep 22, 2021
intrigus-lgtm bananabr
erik-krogh
Stored XSS vulnerability on Bounce Management Callback High
CVE-2021-27910 was published for mautic/core (Composer) Sep 1, 2021
tdunlap607
XSS vulnerability on contacts view High
CVE-2021-27911 was published for mautic/core (Composer) Sep 1, 2021
MatisAct rohitp19
XSS vulnerability on asset view High
CVE-2021-27912 was published for mautic/core (Composer) Sep 1, 2021
MatisAct rohitp19
XSS in Image Optimization API for Next.js High
CVE-2021-39178 was published for next (npm) Sep 1, 2021
tdunlap607
Improper Neutralization of Text-Values in Object Version Preview High
CVE-2021-39166 was published for pimcore/pimcore (Composer) Sep 1, 2021
Improper Encoding or Escaping of Output in Asset Metadata Component High
CVE-2021-39170 was published for pimcore/pimcore (Composer) Sep 1, 2021
Cross-site scripting vulnerability in file upload High
CVE-2021-39136 was published for baserproject/basercms (Composer) Aug 30, 2021
XSS in mdBook High
CVE-2020-26297 was published for mdBook (Rust) Aug 25, 2021
vavkamil
Cross-Site Scripting via SVG media files High
CVE-2021-37710 was published for shopware/core (Composer) Aug 23, 2021
Fake objects feature vulnerability allowing to execute JavaScript code using malformed HTML. High
CVE-2021-37695 was published for ckeditor4 (npm) Aug 23, 2021
Widget feature vulnerability allowing to execute JavaScript code using undo functionality High
CVE-2021-32808 was published for ckeditor4 (npm) Aug 23, 2021
Special Element Injection in notebook High
CVE-2021-32798 was published for notebook (pip) Aug 23, 2021
0xDeva
Cross-site scripting High
CVE-2021-21422 was published for mongo-express (npm) Jun 28, 2021
JafarAkhondali
Reflected XSS from the callback handler's error query parameter High
CVE-2021-32702 was published for @auth0/nextjs-auth0 (npm) Jun 28, 2021
inian git-ishanpatel
Cross-Site Scripting High
CVE-2021-20293 was published for org.jboss.resteasy:resteasy-bom (Maven) Jun 15, 2021
Duplicate Advisory: Reflected cross-site scripting issue in Datasette High
GHSA-gff3-739c-gxfq was published for datasette (pip) Jun 10, 2021 withdrawn
Reflected XSS when using flashMessages or languageDictionary High
CVE-2021-32641 was published for auth0-lock (npm) Jun 4, 2021
Rancher Vulnerable to Cross-site Request Forgery (CSRF) High
CVE-2019-13209 was published for github.com/rancher/rancher (Go) May 18, 2021
Insecure template handling in haml-coffee High
CVE-2021-32818 was published for haml-coffee (npm) May 17, 2021