GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
37,022 advisories
The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly sanitise and escape the...
Moderate | Unreviewed | CVE-2021-24768 was published Nov 30, 2021

kimai2 is vulnerable to Cross-site Scripting
High | CVE-2021-3985 was published for kevinpapst/kimai2 (Composer) Dec 3, 2021

Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior...
Moderate | Unreviewed | CVE-2021-20856 was published Dec 2, 2021

Cross-site Scripting in pegasus/google-for-jobs
Moderate | CVE-2021-43561 was published for pegasus/google-for-jobs (Composer) Nov 15, 2021

A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web...
Moderate | Unreviewed | CVE-2021-35415 was published Dec 4, 2021

Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the...
Moderate | Unreviewed | CVE-2021-25785 was published Dec 4, 2021

Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered in WordPress Backup...
Moderate | Unreviewed | CVE-2021-36884 was published Nov 20, 2021

Cross-site Scripting in pekeupload
Moderate | CVE-2021-23673 was published for pekeupload (npm) Dec 2, 2021

The Preview E-Mails for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site...
Moderate | Unreviewed | CVE-2021-42363 was published Nov 20, 2021

A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle...
Moderate | Unreviewed | CVE-2019-0869 was published May 13, 2022

A spoofing vulnerability exists when a Lync Server or Skype for Business Server does not properly...
Moderate | Unreviewed | CVE-2019-0798 was published May 13, 2022

OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shared mail signature.
Moderate | Unreviewed | CVE-2021-33490 was published Nov 23, 2021

An unspecified version of Workerman-ThinkPHP-Redis is affected by a Cross Site Scripting (XSS)...
Moderate | Unreviewed | CVE-2021-43697 was published Nov 30, 2021

The Logo Showcase with Slick Slider WordPress plugin before 1.2.4 does not sanitise the Grid...
Moderate | Unreviewed | CVE-2021-24729 was published Nov 24, 2021

Stored XSS vulnerability in Jenkins Custom Checkbox Parameter Plugin
High | CVE-2022-43425 was published for io.jenkins.plugins:custom-checkbox-parameter (Maven) Oct 19, 2022

The GenerateBlocks WordPress plugin before 1.4.0 does not validate the generateblocks/container...
Moderate | Unreviewed | CVE-2021-24751 was published Nov 30, 2021

The Shop Page WP WordPress plugin before 1.2.8 does not sanitise and escape some of the Product...
Moderate | Unreviewed | CVE-2021-24811 was published Nov 30, 2021

The Popup Anything WordPress plugin before 2.0.4 does not escape the Link Text and Button Text...
Moderate | Unreviewed | CVE-2021-24883 was published Nov 30, 2021

The Media-Tags WordPress plugin through 3.2.0.2 does not sanitise and escape any of its Labels...
Moderate | Unreviewed | CVE-2021-24899 was published Nov 30, 2021

The My Calendar WordPress plugin before 3.2.18 does not sanitise and escape the callback...
Moderate | Unreviewed | CVE-2021-24927 was published Nov 30, 2021

A spoofing vulnerability exists when a Skype for Business 2015 server does not properly sanitize...
Moderate | Unreviewed | CVE-2019-0624 was published May 13, 2022

A vulnerability was found in yanheven console and classified as problematic. Affected by this...
Moderate | Unreviewed | CVE-2014-125078 was published Jan 15, 2023

The Seriously Simple Podcasting WordPress plugin before 2.19.1 does not validate and escape some...
Moderate | Unreviewed | CVE-2022-4571 was published Jan 16, 2023

Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products...
Moderate | Unreviewed | CVE-2021-43294 was published Dec 1, 2021

IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows...
Moderate | Unreviewed | CVE-2021-29849 was published Dec 2, 2021
ProTip! Advisories are also available from the GraphQL API