GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
  All reviewed: 5,000+
  Composer: 4,870
  Erlang: 37
  GitHub Actions: 36
  Go: 2,500
  Maven: 5,000+
  npm: 4,147
  NuGet: 735
  pip: 3,948
  Pub: 12
  RubyGems: 945
  Rust: 1,025
  Swift: 39
Unreviewed advisories
  All unreviewed: 5,000+
37,022 advisories
Cross-site scripting in PageKit
  Moderate, CVE-2021-32245 was published for pagekit/pagekit (Composer), Jun 22, 2021
Cross-site scripting in ICEcoder
  Moderate, CVE-2021-32106 was published for icecoder/icecoder (Composer), Sep 9, 2021
Reflected XSS when using flashMessages or languageDictionary
  High, CVE-2021-32641 was published for auth0-lock (npm), Jun 4, 2021
Promise Technology WebPam Pro-E devices allow remote attackers to conduct XSS, HTTP Response...
  Moderate, Unreviewed, CVE-2018-6603 was published May 13, 2022
Passing in a non-string 'html' argument can lead to unsanitized output
  Moderate, CVE-2021-32696 was published for striptags (npm), Jun 18, 2021
Fake objects feature vulnerability allowing to execute JavaScript code using malformed HTML.
  High, CVE-2021-37695 was published for ckeditor4 (npm), Aug 23, 2021
Cross-site Scripting in curly-bracket-parser
  Moderate, CVE-2021-23416 was published for curly-bracket-parser (npm), Aug 10, 2021
An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a stored XSS...
  Moderate, Unreviewed, CVE-2022-37150 was published Aug 27, 2022
Cross-site Scripting in Wildfly
  Low, CVE-2021-3536 was published for org.wildfly:wildfly-parent (Maven), May 25, 2021
Clipboard-based DOM-XSS
  Moderate, CVE-2021-37700 was published for @github/paste-markdown (npm), Aug 12, 2021
Cross-site Scripting in the femanager TYPO3 extension
  Moderate, CVE-2021-36787 was published for in2code/femanager (Composer), Sep 1, 2021
Cross-site scripting in feehicms
  Moderate, CVE-2020-19709 was published for feehi/feehicms (Composer), Aug 30, 2021
Cross Site Scripting in Subrion CMS
  Moderate, CVE-2020-22392 was published for intelliants/subrion (Composer), Sep 1, 2021
Cross-site Scripting in the yoast_seo TYPO3 extension
  Moderate, CVE-2021-36788 was published for yoast-seo-for-typo3/yoast_seo (Composer), Sep 1, 2021
Cross-site scripting in Croogo
  Low, CVE-2019-20789 was published for croogo/croogo (Composer), Jun 22, 2021
Cross-site Scripting in file-upload-with-preview
  Moderate, CVE-2021-23439 was published for file-upload-with-preview (npm), Sep 7, 2021
Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS). An attacker can obtain...
  Moderate, Unreviewed, CVE-2022-37162 was published Aug 26, 2022
Cross-site scripting in Dutchcoders transfer.sh
  Moderate, CVE-2021-33496 was published for github.com/dutchcoders/transfer.sh (Go), Jun 29, 2021
PHP Scripts Mall Consumer Reviews Script 4.0.3 has HTML injection via the search box.
  Moderate, Unreviewed, CVE-2018-20627 was published May 13, 2022
PHP Scripts Mall Basic B2B Script 2.0.9 has HTML injection via the First Name or Last Name field.
  Moderate, Unreviewed, CVE-2018-20645 was published May 13, 2022
PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 has HTML injection via the First...
  Moderate, Unreviewed, CVE-2018-20636 was published May 13, 2022
Cross-site Scripting in GilaCMS
  Moderate, CVE-2020-20695 was published for gilacms/gila (Composer), Sep 30, 2021
Cross-site Scripting in LaraCMS
  Moderate, CVE-2020-20129 was published for wanglelecc/laracms (Composer), Oct 4, 2021
ProTip! Advisories are also available from the GraphQL API