GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,126
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,021
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
137,201 advisories

The MOLIE WordPress plugin through 0.5 does not escape the course_id parameter before outputting...
Moderate | Unreviewed | CVE-2021-25006 was published Mar 15, 2022

The ARI Fancy Lightbox WordPress plugin before 1.3.9 does not sanitise and escape the msg...
Moderate | Unreviewed | CVE-2022-0161 was published Mar 15, 2022

Cross-site Scripting in ShowDoc
Moderate | CVE-2022-0946 was published for showdoc/showdoc (Composer) Mar 15, 2022

The Simple Tracking WordPress plugin before 1.7 does not sanitise and escape its settings,...
Moderate | Unreviewed | CVE-2022-0700 was published Mar 15, 2022

The SEO 301 Meta WordPress plugin through 1.9.1 does not escape its Request and Destination...
Moderate | Unreviewed | CVE-2022-0701 was published Mar 15, 2022

The Petfinder Listings WordPress plugin through 1.0.18 does not escape its settings, allowing...
Moderate | Unreviewed | CVE-2022-0702 was published Mar 15, 2022

The WP Voting Contest WordPress plugin through 2.1 does not sanitise and escape the post_id...
Moderate | Unreviewed | CVE-2022-0321 was published Mar 15, 2022

The Master Addons for Elementor WordPress plugin before 1.8.5 does not sanitise and escape the...
Moderate | Unreviewed | CVE-2022-0327 was published Mar 15, 2022

The Sync QCloud COS WordPress plugin before 2.0.1 does not escape some of its settings, allowing...
Moderate | Unreviewed | CVE-2022-0659 was published Mar 15, 2022

Improper Restriction of Rendered UI Layers or Frames in Sylius
Moderate | CVE-2022-24733 was published for sylius/sylius (Composer) Mar 14, 2022

phpLiteAdmin through 1.9.8.2 allows XSS via the index.php newRows parameter (aka num or number).
Moderate | Unreviewed | CVE-2021-46709 was published Mar 14, 2022

Cross-site Scripting in microweber
Moderate | CVE-2022-0926 was published for microweber/microweber (Composer) Mar 13, 2022

Cross-site Scripting in Alist
Moderate | CVE-2022-26533 was published for github.com/Xhofe/alist (Go) Mar 13, 2022

Cross-site Scripting in microweber
Moderate | CVE-2022-0929 was published for microweber/microweber (Composer) Mar 13, 2022

Improper sanitize of SVG files during content upload ('Cross-site Scripting') in sylius/sylius
Moderate | CVE-2022-24749 was published for Sylius/Sylius (Composer) Mar 14, 2022

IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated...
Moderate | Unreviewed | CVE-2022-22353 was published Mar 15, 2022

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request...
Moderate | Unreviewed | CVE-2021-39051 was published Mar 15, 2022

The Better WordPress Google XML Sitemaps WordPress plugin through 1.4.1 does not sanitise and...
Moderate | Unreviewed | CVE-2022-0230 was published Mar 15, 2022

Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows...
Moderate | Unreviewed | CVE-2021-44964 was published Mar 15, 2022

IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to cross-site scripting....
Moderate | Unreviewed | CVE-2021-39055 was published Mar 15, 2022

IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7.1 and 1.7.3 could allow an...
Moderate | Unreviewed | CVE-2021-38971 was published Mar 15, 2022

The Cookie Information | Free GDPR Consent Solution WordPress plugin before 2.0.8 does not escape...
Moderate | Unreviewed | CVE-2022-0147 was published Mar 15, 2022

Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack This issue affects:...
Moderate | Unreviewed | CVE-2022-24384 was published Mar 15, 2022

Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via...
Moderate | Unreviewed | CVE-2022-25489 was published Mar 16, 2022

The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form...
Moderate | Unreviewed | CVE-2022-0593 was published Mar 15, 2022

ProTip! Advisories are also available from the GraphQL API.