Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

295 advisories

Loading
Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18... Critical Unreviewed
CVE-2022-1575 was published May 6, 2022
Turtlapp Turtle Note v0.7.2.6 does not filter the <meta> tag during markdown parsing, allowing... Critical Unreviewed
CVE-2022-28101 was published Apr 29, 2022
Cross site scripting in FacturaScripts Critical
CVE-2022-1514 was published for facturascripts/facturascripts (Composer) Apr 29, 2022
Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which can lead to remote code... Critical Unreviewed
CVE-2022-28464 was published Apr 28, 2022
Cross site scripting in facturascripts Critical
CVE-2022-1457 was published for neorazorx/facturascripts (Composer) Apr 26, 2022
A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes Functionality of... Critical Unreviewed
CVE-2021-42136 was published Apr 14, 2022
Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to... Critical Unreviewed
CVE-2022-1344 was published Apr 14, 2022
Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows... Critical Unreviewed
CVE-2022-1346 was published Apr 14, 2022
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs... Critical Unreviewed
CVE-2021-32157 was published Apr 12, 2022
Remote code injection in dompdf/dompdf Critical
CVE-2022-28368 was published for dompdf/dompdf (Composer) Apr 4, 2022
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Critical Unreviewed
CVE-2022-25620 was published Mar 31, 2022
Arbitrary code execution in post-loader Critical
CVE-2022-0748 was published for post-loader (npm) Mar 18, 2022
Cross-site Scripting in showdoc/showdoc Critical
CVE-2022-0960 was published for showdoc/showdoc (Composer) Mar 15, 2022
A vulnerability affecting F-Secure SAFE browser protection was discovered improper URL handling... Critical Unreviewed
CVE-2021-44749 was published Mar 7, 2022
Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability... Critical Unreviewed
CVE-2022-25069 was published Mar 6, 2022
Cosmetics and Beauty Product Online Store v1.0 was discovered to contain multiple reflected cross... Critical Unreviewed
CVE-2022-25395 was published Mar 4, 2022
A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool... Critical Unreviewed
CVE-2021-42940 was published Feb 12, 2022
Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a remote unauthenticated... Critical Unreviewed
CVE-2022-21241 was published Feb 9, 2022
BeyondTrust Secure Remote Access Base Software through 6.0.1 allows an attacker to achieve full... Critical Unreviewed
CVE-2021-31589 was published Feb 8, 2022
The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.26,... Critical Unreviewed
CVE-2021-24814 was published Feb 8, 2022
MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This... Critical Unreviewed
CVE-2022-24123 was published Jan 31, 2022
/usr/local/www/pkg.php in pfSense through 2.5.2 uses $_REQUEST['pkg_filter'] in a PHP echo call. Critical Unreviewed
CVE-2022-23993 was published Jan 27, 2022
Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD without Refresh/Reload using... Critical Unreviewed
CVE-2021-40909 was published Jan 25, 2022
The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, TIBCO EBX Add... Critical Unreviewed
CVE-2022-22769 was published Jan 20, 2022
In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross-Site Scripting (XSS). The ... Critical Unreviewed
CVE-2022-22114 was published Jan 11, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database