GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
361 advisories
The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, TIBCO EBX Add...
Critical
Unreviewed
CVE-2022-22769
was published
Jan 20, 2022
/usr/local/www/pkg.php in pfSense through 2.5.2 uses $_REQUEST['pkg_filter'] in a PHP echo call.
Critical
Unreviewed
CVE-2022-23993
was published
Jan 27, 2022
Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD without Refresh/Reload using...
Critical
Unreviewed
CVE-2021-40909
was published
Jan 25, 2022
The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.26,...
Critical
Unreviewed
CVE-2021-24814
was published
Feb 8, 2022
ERP Sankhya before v4.11b81 was discovered to contain a cross-site scripting (XSS) vulnerability...
Critical
Unreviewed
CVE-2022-42989
was published
Nov 22, 2022
MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This...
Critical
Unreviewed
CVE-2022-24123
was published
Jan 31, 2022
A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool...
Critical
Unreviewed
CVE-2021-42940
was published
Feb 12, 2022
Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a remote unauthenticated...
Critical
Unreviewed
CVE-2022-21241
was published
Feb 9, 2022
A vulnerability affecting F-Secure SAFE browser protection was discovered improper URL handling...
Critical
Unreviewed
CVE-2021-44749
was published
Mar 7, 2022
Cosmetics and Beauty Product Online Store v1.0 was discovered to contain multiple reflected cross...
Critical
Unreviewed
CVE-2022-25395
was published
Mar 4, 2022
Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability...
Critical
Unreviewed
CVE-2022-25069
was published
Mar 6, 2022
Answer contains Cross-site Scripting vulnerability
Critical
CVE-2023-0742
was published
for
github.com/answerdev/answer
(Go)
Feb 8, 2023
Cross-site scripting vulnerability found in answerdev/answer
Critical
CVE-2023-0740
was published
for
github.com/answerdev/answer
(Go)
Feb 8, 2023
Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3...
Critical
Unreviewed
CVE-2023-24508
was published
Jan 26, 2023
Answer has Cross-site Scripting vulnerability
Critical
CVE-2023-0741
was published
for
github.com/answerdev/answer
(Go)
Feb 8, 2023
Answer subject to Cross-site Scripting vulnerability
Critical
CVE-2023-0743
was published
for
github.com/answerdev/answer
(Go)
Feb 8, 2023
** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Slice 1st...
Critical
Unreviewed
CVE-2021-37373
was published
Feb 3, 2023
**UNSUPPORTED WHEN ASSIGNED** Cross Site Scripting (XSS) in HP Deskjet 2540 series printer...
Critical
Unreviewed
CVE-2022-48311
was published
Feb 6, 2023
Cross-site Scripting in kimai/kimai
Critical
CVE-2020-19825
was published
for
kimai/kimai
(Composer)
Feb 16, 2023
The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in...
Critical
Unreviewed
CVE-2019-13478
was published
May 24, 2022
Countly, a product analytics solution, is vulnerable to cross-site scripting prior to version 21...
Critical
Unreviewed
CVE-2021-32852
was published
Feb 21, 2023
Cross Site Scripting Vulnerability in MiniCMS v.1.10 allows attacker to execute arbitrary code...
Critical
Unreviewed
CVE-2021-33387
was published
Feb 24, 2023
Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before...
Critical
Unreviewed
CVE-2021-33351
was published
Mar 9, 2023
Cross Site Scripting vulnerability found in Markdown Edit allows a remote attacker to execute...
Critical
Unreviewed
CVE-2020-19947
was published
Mar 16, 2023
Cross-Site Scripting in swagger-ui
Critical
GHSA-g336-c7wv-8hp3
was published
for
swagger-ui
(npm)
Sep 1, 2020