GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,870
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,126
NuGet: 735
pip: 3,943
Pub: 12
RubyGems: 945
Rust: 1,021
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
37,007 advisories
The Metricool WordPress plugin before 1.18 does not sanitise and escape some of its settings,...
Moderate | Unreviewed | CVE-2022-4299 was published Jan 16, 2023

The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in...
Moderate | Unreviewed | CVE-2022-4410 was published Dec 15, 2022

An issue was discovered in Socomec REMOTE VIEW PRO 2.0.41.4. Improper validation of input into...
Moderate | Unreviewed | CVE-2021-41871 was published Dec 16, 2021

A cross site scripting (XSS) vulnerability in Genesys Workforce Management 8.5.214.20 can occur ...
Moderate | Unreviewed | CVE-2021-26787 was published Dec 16, 2021

The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vulnerable to Reflected Cross-Site...
Moderate | Unreviewed | CVE-2021-25041 was published Dec 7, 2021

An XSS issue was discovered in Designer Studio in Pegasystems Pega Platform 7.1.7, 7.1.8, 7.1.9,...
Moderate | Unreviewed | CVE-2017-17478 was published May 13, 2022

Cross-site Scripting (XSS) - Stored in GitHub repository alfio-event/alf.io prior to Alf.io 2.0...
Moderate | Unreviewed | CVE-2023-0301 was published Jan 14, 2023

Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management...
Moderate | Unreviewed | CVE-2021-41962 was published Dec 17, 2021

XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's...
Moderate | Unreviewed | CVE-2021-45086 was published Dec 17, 2021

janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation (...
Moderate | Unreviewed | CVE-2021-4124 was published Dec 17, 2021

The Import any XML or CSV File to WordPress plugin before 3.6.3 does not escape the Import's...
Moderate | Unreviewed | CVE-2021-24714 was published Dec 7, 2021

Cross Site Scripting (XSS) in redirect module of Racktables version 0.21.2, allows an attacker to...
Moderate | Unreviewed | CVE-2020-19611 was published Dec 8, 2021

The WP Google Fonts WordPress plugin before 3.1.5 does not escape the googlefont_ajax_name and...
Moderate | Unreviewed | CVE-2021-24935 was published Dec 7, 2021

The Welcart e-Commerce WordPress plugin before 2.8.9 does not validate and escapes one of its...
Moderate | Unreviewed | CVE-2022-4655 was published Jan 16, 2023

The Link Library WordPress plugin before 7.4.1 does not sanitise and escape some of its settings,...
Moderate | Unreviewed | CVE-2022-4199 was published Jan 16, 2023

IBM Business Automation Workflow 18.0, 19.0, 20,0 and 21.0 and IBM Business Process Manager 8.5...
Moderate | Unreviewed | CVE-2021-38883 was published Dec 18, 2021

Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior...
Moderate | Unreviewed | CVE-2021-25520 was published Dec 9, 2021

A cross-site scripting (XSS) vulnerability in Image Tile in SquaredUp for SCOM 5.2.1.6654 allows...
Moderate | Unreviewed | CVE-2021-40092 was published Dec 8, 2021

PineApp - Mail Secure - Attacker sending a request to :/blocking.php?url=<script>alert(1)</script...
Moderate | Unreviewed | CVE-2021-36720 was published Dec 9, 2021

The Real Testimonials WordPress plugin before 2.6.0 does not validate and escape some of its...
Moderate | Unreviewed | CVE-2022-4648 was published Jan 16, 2023

The Video Conferencing with Zoom WordPress plugin before 4.0.10 does not validate and escape some...
Moderate | Unreviewed | CVE-2022-4578 was published Jan 16, 2023

The WP Spell Check WordPress plugin before 9.13 does not escape ignored words, which could allow...
Moderate | Unreviewed | CVE-2022-2658 was published Jan 16, 2023

The WOOCS WordPress plugin before 1.3.7.1 does not sanitise and escape the key parameter of the...
Moderate | Unreviewed | CVE-2021-24938 was published Dec 7, 2021

The Email Log WordPress plugin before 2.4.8 does not escape the d parameter before outputting it...
Moderate | Unreviewed | CVE-2021-24924 was published Dec 7, 2021

Cross site scripting in remdex/livehelperchat
Moderate | CVE-2021-4050 was published for remdex/livehelperchat (Composer) Dec 10, 2021

ProTip! Advisories are also available from the GraphQL API