GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

378 advisories

Twisted vulnerable to NameVirtualHost Host header injection Moderate
CVE-2022-39348 was published for twisted (pip) Oct 26, 2022
westonsteimel
Inventree vulnerable to Stored Cross-site Scripting Moderate
CVE-2022-3355 was published for inventree (pip) Sep 30, 2022
Deluge Web-UI vulnerable to XSS through a crafted torrent file Moderate
CVE-2021-3427 was published for deluge (pip) Aug 27, 2022
nbconvert vulnerable to cross-site scripting (XSS) via multiple exploit paths Moderate
CVE-2021-32862 was published for nbconvert (pip) Aug 10, 2022
pwntester
Fava vulnerable to reflected cross-site scripting Moderate
CVE-2022-2589 was published for fava (pip) Aug 2, 2022
Fava vulnerable to Reflected Cross-site Scripting Moderate
CVE-2022-2523 was published for fava (pip) Jul 26, 2022
Fava time and filter parameters vulnerable to reflected Cross-site Scripting Moderate
CVE-2022-2514 was published for fava (pip) Jul 26, 2022
Django REST framework XSS Vulnerability Moderate
CVE-2018-25045 was published for django-rest-framework (pip) Jul 24, 2022
Whoogle Search Cross-site Scripting via string parameter Moderate
CVE-2022-25303 was published for whoogle-search (pip) Jul 15, 2022
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pycares Moderate
GHSA-c58j-88f5-h53f was published for pycares (pip) Jul 5, 2022
XSS Vulnerability in Markdown Editor High
GHSA-85q9-7467-r53q was published for inventree (pip) Jun 17, 2022
Gaurav-G2
Cross Site Scripting vulnerability in django-jsonform's admin form. High
GHSA-x9jp-4w8m-4f3c was published for django-jsonform (pip) Jun 10, 2022
Apache Superset Stored XSS on Dashboard markdown Moderate
CVE-2021-27907 was published for apache-superset (pip) May 24, 2022
Plone XSS Vulnerability Moderate
CVE-2021-29002 was published for plone (pip) May 24, 2022
Apache Superset Cross-site Scripting (XSS) vulnerability on the Explore page Moderate
CVE-2021-32609 was published for apache-superset (pip) May 24, 2022
Mezzanine Cross Site Scripting (XSS) vulnerability Moderate
CVE-2020-19002 was published for Mezzanine (pip) May 24, 2022
Lin-CMS-Flask Cross Site Scripting (XSS) vulnerability Moderate
CVE-2020-18699 was published for lin-cms (pip) May 24, 2022
Plone has stored XSS in folder contents Moderate
CVE-2021-35959 was published for plone (pip) May 24, 2022
Plone XSS in User Fullname Property and File Upload Moderate
CVE-2021-3313 was published for plone (pip) May 24, 2022
OctoPrint API Error Messages vulnerable to XSS Moderate
CVE-2021-32561 was published for OctoPrint (pip) May 24, 2022
Cabot Cross Site Scripting (XSS) vulnerability via Address column Moderate
CVE-2020-25449 was published for cabot (pip) May 24, 2022
Locust Stored Cross-site Scripting Vulnerability Moderate
CVE-2020-28364 was published for locust (pip) May 24, 2022
Cabot Cross Site Scripting (XSS) vulnerability via Endpoint column Low
CVE-2020-7734 was published for cabot (pip) May 24, 2022
Plone cross site scripting (XSS) Moderate
CVE-2020-7937 was published for Plone (pip) May 24, 2022
PyDio Stored XSS Vulnerability Moderate
CVE-2019-10047 was published for Pydio (pip) May 24, 2022