GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
37,007 advisories
A improper neutralization of input during web page generation ('cross-site scripting') in...
Moderate | Unreviewed | CVE-2021-43063 was published Dec 9, 2021

A improper neutralization of input during web page generation ('cross-site scripting') in...
Moderate | Unreviewed | CVE-2021-42752 was published Dec 9, 2021

Cross-site Scripting in pimcore
Moderate | CVE-2021-4084 was published for pimcore/pimcore (Composer) Dec 16, 2021

Insufficient Input Validation in the search functionality of Wordpress plugin Lets-Box prior to 1...
Moderate | Unreviewed | CVE-2021-42549 was published Dec 14, 2021

Insufficient Input Validation in the search functionality of Wordpress plugin Use-Your-Drive...
Moderate | Unreviewed | CVE-2021-42546 was published Dec 14, 2021

yetiforcecrm is vulnerable to Cross-site Scripting
Moderate | CVE-2021-4116 was published for yetiforce/yetiforce-crm (Composer) Dec 16, 2021

Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications...
Moderate | Unreviewed | CVE-2021-36450 was published Dec 16, 2021

The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the...
Moderate | Unreviewed | CVE-2021-24925 was published Dec 14, 2021

The Display Post Metadata WordPress plugin before 1.5.0 adds a shortcode to print out custom...
Moderate | Unreviewed | CVE-2021-24855 was published Dec 14, 2021

An issue was discovered in UiPath App Studio 21.4.4. There is a persistent XSS vulnerability in...
Moderate | Unreviewed | CVE-2021-44043 was published Dec 15, 2021

Stored XSS vulnerability in Jenkins Checkmarx Plugin
High | CVE-2022-46684 was published for com.checkmarx.jenkins:checkmarx (Maven) Dec 12, 2022

The Simple Image Gallery WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the...
Moderate | Unreviewed | CVE-2021-39313 was published Dec 15, 2021

An issue was discovered in AbanteCart before 1.3.2. It allows DOM Based XSS.
Moderate | Unreviewed | CVE-2021-42050 was published Dec 15, 2021

SAP BusinessObjects Business Intelligence Platform (Web Intelligence) - version 420, does not...
Moderate | Unreviewed | CVE-2021-42061 was published Dec 15, 2021

The Magic Post Voice WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the ids...
Moderate | Unreviewed | CVE-2021-39315 was published Dec 15, 2021

The Real WYSIWYG WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use...
Moderate | Unreviewed | CVE-2021-39310 was published Dec 15, 2021

yetiforcecrm is vulnerable to Cross-site Scripting
Moderate | CVE-2021-4107 was published for yetiforce/yetiforce-crm (Composer) Dec 16, 2021

Cross Site Scripting (XSS) vulnerability exists in Catfish <=6.3.0 via a Google search in url:...
Moderate | Unreviewed | CVE-2021-45018 was published Dec 17, 2021

The link-list-manager WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the...
Moderate | Unreviewed | CVE-2021-39311 was published Dec 15, 2021

Cross-site Scripting in Anchor CMS
Moderate | CVE-2021-44116 was published for anchorcms/anchor-cms (Composer) Jan 5, 2022

Cross-site Scripting (XSS) - Reflected in GitHub repository alfio-event/alf.io prior to 2.0-M4-2301.
Moderate | Unreviewed | CVE-2023-0300 was published Jan 14, 2023

Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.885 exists...
Moderate | Unreviewed | CVE-2019-16295 was published May 24, 2022

PHP Scripts Mall Opensource Classified Ads Script 3.2.2 has reflected HTML injection via the...
Moderate | Unreviewed | CVE-2019-7435 was published May 13, 2022

PHP Scripts Mall Rental Bike Script 2.0.3 has HTML injection via the STREET field in the Profile...
Moderate | Unreviewed | CVE-2019-7432 was published May 13, 2022

The RSSImport WordPress plugin through 4.6.1 does not validate and escape one of its shortcode...
Moderate | Unreviewed | CVE-2022-4658 was published Jan 16, 2023
ProTip! Advisories are also available from the GraphQL API.