GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 37
GitHub Actions: 36
Go: 2,500
Maven: 5,000+
npm: 4,147
NuGet: 735
pip: 3,948
Pub: 12
RubyGems: 945
Rust: 1,025
Swift: 39
Unreviewed advisories
All unreviewed: 5,000+
37,022 advisories
Cross-site Scripting in RosarioSIS
Moderate
CVE-2020-15721 was published for francoisjacquet/rosariosis (Composer) Feb 10, 2022
Cross-site scripting in forkcms
Moderate
CVE-2020-23263 was published for forkcms/forkcms (Composer) Feb 10, 2022
Cross-Site Request Forgery in mm_forum
Moderate, Unreviewed
CVE-2020-15516 was published Feb 15, 2022
Cross-site scripting in json-sanitizer
Moderate
CVE-2020-13973 was published for com.mikesamuel:json-sanitizer (Maven) Feb 10, 2022
Cross-site scripting in Apache Syncope EndUser
Low
CVE-2019-17557 was published for org.apache.syncope.client:syncope-client-enduser (Maven) Jan 6, 2022
Cross-site scripting in Shopizer
Moderate
CVE-2021-33562 was published for com.shopizer:shopizer (Maven) Jun 8, 2021
Cross-site scripting in Shopizer
Moderate
CVE-2021-33561 was published for com.shopizer:shopizer (Maven) Jun 8, 2021
Cross-site scripting in react-bootstrap-table
Moderate
CVE-2021-23398 was published for react-bootstrap-table (npm) Dec 10, 2021
Cross-Site Scripting
High
CVE-2021-20293 was published for org.jboss.resteasy:resteasy-bom (Maven) Jun 15, 2021
IBM Curam Social Program Management 7.0.3 is vulnerable to HTML injection. A remote attacker...
Moderate, Unreviewed
CVE-2018-1671 was published May 13, 2022
Cross-site scripting in jfinal
Moderate
CVE-2021-33348 was published for com.jfinal:jfinal (Maven) Aug 13, 2021
Cross-site scripting in LavaLite-CMS
Moderate
CVE-2020-23700 was published for lavalite/cms (Composer) Sep 8, 2021
XSS vulnerability with translator
Critical
CVE-2021-32671 was published for flarum/core (Composer) Jun 7, 2021
Reflected XSS from the callback handler's error query parameter
High
CVE-2021-32702 was published for @auth0/nextjs-auth0 (npm) Jun 28, 2021
Cross-site scripting
Moderate
CVE-2021-32713 was published for shopware/shopware (Composer) Sep 8, 2021
Cross-site scripting in Apache Jena Fuseki
Moderate
CVE-2021-33192 was published for org.apache.jena:jena-fuseki (Maven) Aug 13, 2021
Widget feature vulnerability allowing to execute JavaScript code using undo functionality
High
CVE-2021-32808 was published for ckeditor4 (npm) Aug 23, 2021
Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to...
High, Unreviewed
CVE-2018-13359 was published May 13, 2022
In Metinfo 6.1.3, include/interface/applogin.php allows setting arbitrary HTTP headers (including...
Moderate, Unreviewed
CVE-2018-19836 was published May 13, 2022
SAP BusinessObjects Business Intelligence (BI Launchpad and Central Management Console) versions...
Moderate, Unreviewed
CVE-2018-2432 was published May 13, 2022
Cross-site scripting in RESTEasy
Moderate
CVE-2020-10688 was published for org.jboss.resteasy:resteasy-bom (Maven) Jun 15, 2021
Clipboard feature vulnerability allowing to inject arbitrary HTML into the editor using paste functionality
Moderate
CVE-2021-32809 was published for ckeditor4 (npm) Aug 23, 2021
The Live Bookmarks page and the PDF viewer can run injected script content if a user pastes...
Moderate, Unreviewed
CVE-2018-5172 was published May 13, 2022