GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories: All reviewed 5,000+; Composer 4,870; Erlang 36; GitHub Actions 36; Go 2,493; Maven 5,000+; npm 4,126; NuGet 735; pip 3,943; Pub 12; RubyGems 945; Rust 1,021; Swift 39
Unreviewed advisories: All unreviewed 5,000+
37,007 advisories
DouPHP v1.6 was discovered to contain a cross-site scripting (XSS) vulnerability via /admin/cloud...
Moderate · Unreviewed · CVE-2021-3370 was published Dec 9, 2021
The WordPress Events Calendar WordPress plugin before 1.4.5 does not sanitize and escape a...
Moderate · Unreviewed · CVE-2022-4320 was published Jan 16, 2023
The PDF.js Viewer WordPress plugin before 2.0.2 does not escape some of its shortcode and...
Moderate · Unreviewed · CVE-2021-24759 was published Dec 7, 2021
The Pixel Cat WordPress plugin before 2.6.3 does not escape some of its settings, which could...
Moderate · Unreviewed · CVE-2021-24972 was published Dec 14, 2021
Insufficient Input Validation in the search functionality of WordPress plugin Share-one-Drive...
Moderate · Unreviewed · CVE-2021-42548 was published Dec 14, 2021
The Caldera Forms WordPress plugin before 1.9.5 does not sanitise and escape the Form Name before...
Moderate · Unreviewed · CVE-2021-24896 was published Dec 14, 2021
Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Comment Engine Pro plugin...
Moderate · Unreviewed · CVE-2021-36911 was published Dec 11, 2021
Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior...
Moderate · Unreviewed · CVE-2021-20855 was published Dec 2, 2021
YurunProxy v0.01 is affected by a Cross Site Scripting (XSS) vulnerability in src/Client.php. The...
Moderate · Unreviewed · CVE-2021-43690 was published Dec 2, 2021
Cross-site Scripting in kimai2
Moderate · CVE-2021-3983 was published for kevinpapst/kimai2 (Composer) Dec 3, 2021
Cross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G, 38JP_1_11J, 38JP_1_11K,...
Moderate · Unreviewed · CVE-2021-20847 was published Dec 2, 2021
Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior...
Moderate · Unreviewed · CVE-2021-20858 was published Dec 2, 2021
In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server 5.7.0, it is possible to...
Moderate · Unreviewed · CVE-2021-36760 was published Dec 8, 2021
thinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site Scripting (XSS)...
Moderate · Unreviewed · CVE-2021-43682 was published Dec 3, 2021
A DOM-based XSS vulnerability affects SquaredUp for SCOM 5.2.1.6654. If successfully exploited,...
Moderate · Unreviewed · CVE-2021-40094 was published Dec 8, 2021
The Shiny Buttons WordPress plugin through 1.1.0 does not have any authorisation and CSRF in...
Moderate · Unreviewed · CVE-2021-24792 was published Dec 14, 2021
The WP System Log WordPress plugin before 1.0.21 does not sanitise, validate and escape the IP...
Moderate · Unreviewed · CVE-2021-24756 was published Dec 14, 2021
The Flex Local Fonts WordPress plugin through 1.0.0 does not escape the Class Name field when...
Moderate · Unreviewed · CVE-2021-24782 was published Dec 14, 2021
A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server feature services versions...
Moderate · Unreviewed · CVE-2021-29116 was published Dec 8, 2021
dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) vulnerability in...
Moderate · Unreviewed · CVE-2021-43673 was published Dec 4, 2021
Unsafe inline XSS in pasting DOM element into chat
High · CVE-2021-39183 was published for github.com/owncast/owncast (Go) Dec 14, 2021
The .htaccess Redirect WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the...
Moderate · Unreviewed · CVE-2021-38361 was published Dec 15, 2021
snipe-it is vulnerable to Cross-site Scripting
Moderate · CVE-2021-4108 was published for snipe/snipe-it (Composer) Dec 16, 2021
An error in a page handler of the VRM may lead to a reflected cross site scripting (XSS) in the...
Moderate · Unreviewed · CVE-2021-23860 was published Dec 9, 2021
The Parsian Bank Gateway for Woocommerce WordPress plugin is vulnerable to Reflected Cross-Site...
Moderate · Unreviewed · CVE-2021-39309 was published Dec 15, 2021
ProTip! Advisories are also available from the GraphQL API.