GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
361 advisories
Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which can lead to remote code...
Critical | Unreviewed | CVE-2022-28464 was published Apr 28, 2022

Cross site scripting in FacturaScripts
Critical | CVE-2022-1514 was published for facturascripts/facturascripts (Composer) Apr 29, 2022

Turtlapp Turtle Note v0.7.2.6 does not filter the <meta> tag during markdown parsing, allowing...
Critical | Unreviewed | CVE-2022-28101 was published Apr 29, 2022

AEM's Cloud Service offering, as well as versions 6.5.6.0 (and below), 6.4.8.2 (and below) and 6...
Critical | Unreviewed | CVE-2020-24445 was published May 24, 2022

Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Execution, via an overwolfstore...
Critical | Unreviewed | CVE-2021-33501 was published May 24, 2022

Joplin is vulnerable to arbitrary code execution
Critical | CVE-2022-35131 was published for joplin (npm) Jul 26, 2022

Cross Site Scripting (XSS) vulnerability in Things Board 3.4.1 allows remote attackers to...
Critical | Unreviewed | CVE-2022-40004 was published Dec 16, 2022

LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a...
Critical | Unreviewed | CVE-2021-3693 was published May 24, 2022

LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a...
Critical | Unreviewed | CVE-2021-3694 was published May 24, 2022

This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to...
Critical | Unreviewed | CVE-2021-35222 was published May 24, 2022

On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a reflected cross...
Critical | Unreviewed | CVE-2021-23037 was published May 24, 2022

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, 13.1.x before...
Critical | Unreviewed | CVE-2021-23038 was published May 24, 2022

keycloak Self Stored Cross-site Scripting vulnerability
Critical | CVE-2021-20195 was published for org.keycloak:keycloak-core (Maven) Jun 8, 2021

Cross site scripting (XSS) vulnerability in application/controllers/AdminController.php in...
Critical | Unreviewed | CVE-2020-23719 was published May 24, 2022

Cross Site Scripting (XSS) vulnerability in infusions/member_poll_panel/poll_admin.php in PHP...
Critical | Unreviewed | CVE-2020-23754 was published May 24, 2022

Cross site scripting (XSS) vulnerability in xujinliang zibbs 1.0, allows attackers to execute...
Critical | Unreviewed | CVE-2020-23718 was published May 24, 2022

Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1, allows attackers to execute...
Critical | Unreviewed | CVE-2020-20982 was published May 24, 2022

The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the "File Thumbnail"...
Critical | Unreviewed | CVE-2021-24693 was published May 24, 2022

The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress...
Critical | Unreviewed | CVE-2021-43047 was published May 24, 2022

The Jetpack Scan team identified a Reflected Cross-Site Scripting via the...
Critical | Unreviewed | CVE-2021-24229 was published May 24, 2022

Valine code injection vulnerability
Critical | CVE-2022-38545 was published for valine (npm) Sep 20, 2022

The Web Server component of TIBCO Software Inc.'s TIBCO EBX contains an easily exploitable...
Critical | Unreviewed | CVE-2022-30577 was published Sep 22, 2022

A cross-site scripting (xss) vulnerability exists in the videoAddNew functionality of WWBN AVideo...
Critical | Unreviewed | CVE-2022-28712 was published Aug 23, 2022

XSS via prototype pollution in NodeBB
Critical | CVE-2021-43787 was published for nodebb (npm) Nov 30, 2021

Cross site scripting vulnerability with discussion titles
Critical | CVE-2022-41938 was published for flarum/core (Composer) Nov 21, 2022

ProTip! Advisories are also available from the GraphQL API