GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
2,600 advisories
Filter by severity
Stored Cross-Site Scripting in tianma-static
Moderate
CVE-2018-16474
was published
for
tianma-static
(npm)
Nov 6, 2018
Loofah Cross-site Scripting vulnerability
Moderate
CVE-2018-16468
was published
for
loofah
(RubyGems)
Nov 1, 2018
Apache ActiveMQ web console vulnerable to Cross-site Scripting
Moderate
CVE-2018-8006
was published
for
org.apache.activemq:activemq-web-console
(Maven)
Oct 30, 2018
No Charset in Content-Type Header in express
Moderate
CVE-2014-6393
was published
for
express
(npm)
Oct 23, 2018
Cross-Site Scripting in handlebars
Moderate
CVE-2015-8861
was published
for
handlebars
(npm)
Oct 23, 2018
Moderate severity vulnerability that affects org.grails.plugins:fields and org.grails:grails-core
Moderate
CVE-2018-1000529
was published
for
org.grails.plugins:fields
(Maven)
Oct 19, 2018
OWASP AntiSamy Cross-site Scripting vulnerability
Moderate
CVE-2017-14735
was published
for
org.owasp.antisamy:antisamy
(Maven)
Oct 18, 2018
Moderate severity vulnerability that affects org.owasp.antisamy:antisamy
Moderate
CVE-2016-10006
was published
for
org.owasp.antisamy:antisamy
(Maven)
Oct 18, 2018
Apache Ranger admin users can store some arbitrary javascript code to be executed when normal users login and access policies
Moderate
CVE-2016-8751
was published
for
org.apache.ranger:ranger
(Maven)
Oct 17, 2018
Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML
Moderate
CVE-2016-5395
was published
for
org.apache.ranger:ranger
(Maven)
Oct 17, 2018
Moderate severity vulnerability that affects apache axis
Moderate
CVE-2018-8032
was published
for
axis:axis
(Maven)
Oct 16, 2018
Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN)
Moderate
CVE-2016-7119
was published
for
DotNetNuke.Core
(NuGet)
Oct 16, 2018
Moderate severity vulnerability that affects DotNetNuke.Core
Moderate
CVE-2015-1566
was published
for
DotNetNuke.Core
(NuGet)
Oct 16, 2018
Next.js has cross site scripting (XSS) vulnerability via the 404 or 500 /_error page
Moderate
CVE-2018-18282
was published
for
next
(npm)
Oct 15, 2018
Cross-Site Scripting in sexstatic
Moderate
CVE-2018-3755
was published
for
sexstatic
(npm)
Oct 1, 2018
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14042
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14041
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
Qutebrowser XSS Vulnerability
Moderate
CVE-2018-1000559
was published
for
qutebrowser
(pip)
Sep 13, 2018
Cross-Site Scripting in exceljs
Moderate
CVE-2018-16459
was published
for
exceljs
(npm)
Sep 11, 2018
Moderate severity vulnerability that affects mayan-edms
Moderate
CVE-2018-16407
was published
for
mayan-edms
(pip)
Sep 6, 2018
Moderate severity vulnerability that affects mayan-edms
Moderate
CVE-2018-16406
was published
for
mayan-edms
(pip)
Sep 6, 2018
mayan-edms Cross-site Scripting vulnerability
Moderate
CVE-2018-16405
was published
for
mayan-edms
(pip)
Sep 6, 2018
Pandao editor.md vulnerable to XSS in IMG attributes
Moderate
CVE-2018-16330
was published
for
editor.md
(npm)
Sep 6, 2018
ProTip!
Advisories are also available from the
GraphQL API