GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,871
Erlang: 37
GitHub Actions: 36
Go: 2,504
Maven: 5,000+
npm: 4,149
NuGet: 735
pip: 3,949
Pub: 12
RubyGems: 945
Rust: 1,025
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
37,042 advisories
Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.6.3 allow remote attackers...
Moderate | Unreviewed | CVE-2015-8376 was published May 13, 2022

XSS in CreateQueuedJobTask
Moderate | CVE-2021-27938 was published for symbiote/silverstripe-queuedjobs (Composer) Mar 24, 2021

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 before Update 12, 9.0.1 before...
Low | Unreviewed | CVE-2013-5326 was published May 13, 2022

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 19, 11 before...
Moderate | Unreviewed | CVE-2016-1113 was published May 13, 2022

Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have...
Moderate | Unreviewed | CVE-2018-4941 was published May 13, 2022

Potential XSS injection in the newsletter conditions field
Moderate | CVE-2021-21418 was published for prestashop/ps_emailsubscription (Composer) Apr 6, 2021

Cross-site scripting (XSS) vulnerability in template/usererror.missing_extension.php in Symphony...
Moderate | Unreviewed | CVE-2017-5542 was published May 13, 2022

Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to content/content...
Moderate | Unreviewed | CVE-2017-8876 was published May 13, 2022

Cross-site scripting (XSS) vulnerability in Symphony CMS 2.6.2 allows remote attackers to inject...
Moderate | Unreviewed | CVE-2015-4661 was published May 13, 2022

Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.0.7 and 2.1.1 allow remote...
Moderate | Unreviewed | CVE-2010-3457 was published May 13, 2022

Cross-site Scripting in Keycloak
Moderate | CVE-2020-10748 was published for org.keycloak:keycloak-parent (Maven) Feb 9, 2022

In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a "Calendar -> New Event"...
Moderate | Unreviewed | CVE-2017-16906 was published May 13, 2022

Authenticated (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Totalsoft Event...
Moderate | Unreviewed | CVE-2022-36390 was published Sep 22, 2022

Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in Themes Awesome History...
Moderate | Unreviewed | CVE-2022-37328 was published Sep 25, 2022

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PCA Predict plugin <= 1...
Moderate | Unreviewed | CVE-2022-40195 was published Sep 25, 2022

In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action.
Moderate | Unreviewed | CVE-2017-16907 was published May 13, 2022

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Max Foundry Button...
Moderate | Unreviewed | CVE-2022-38703 was published Sep 25, 2022

Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom form field.
Moderate | Unreviewed | CVE-2017-6067 was published May 13, 2022

Cross-site scripting (XSS) vulnerability in AttachmentsList.aspx in Accela Civic Platform Citizen...
Moderate | Unreviewed | CVE-2016-5660 was published May 13, 2022

Cross-site scripting (XSS) vulnerability in multiple Rocomotion products, including P board 1.18...
Moderate | Unreviewed | CVE-2010-3931 was published May 13, 2022

A vulnerability in the web framework of Cisco Small Business Managed Switches software could...
Moderate | Unreviewed | CVE-2017-12307 was published May 13, 2022

Stored cross-site scripting in Grid component in Vaadin 7 and 8
Moderate | CVE-2019-25028 was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021

Cross-site scripting in Apache CXF
Moderate | CVE-2020-13954 was published for org.apache.cxf:apache-cxf (Maven) Apr 22, 2021

Cross-site Scripting in reveal.js
Moderate | CVE-2020-8127 was published for reveal.js (npm) May 10, 2021

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in Awesome Filterable Portfolio...
Moderate | Unreviewed | CVE-2022-40193 was published Sep 25, 2022
ProTip! Advisories are also available from the GraphQL API.