GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
302 advisories
The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags...
Critical | Unreviewed | CVE-2021-24884 was published May 24, 2022
Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to...
Critical | Unreviewed | CVE-2020-19586 was published Sep 15, 2022
A reflected cross-site scripting (xss) vulnerability exists in the charts tab selection...
Critical | Unreviewed | CVE-2022-26842 was published Aug 23, 2022
A vulnerability was found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by...
Critical | Unreviewed | CVE-2022-4354 was published Dec 8, 2022
Dolibarr Cross-site Scripting vulnerability
Critical | CVE-2021-25955 was published for dolibarr/dolibarr (Composer) Aug 30, 2021
Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway ...
Critical | Unreviewed | CVE-2019-3638 was published May 24, 2022
Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges...
Critical | Unreviewed | CVE-2020-15952 was published May 24, 2022
Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before 2020.2.1...
Critical | Unreviewed | CVE-2020-13169 was published May 24, 2022
An XSS issue was found in the Shares feature of LiquidFiles before 3.3.19. The issue arises from...
Critical | Unreviewed | CVE-2020-29071 was published May 24, 2022
Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this...
Critical | Unreviewed | CVE-2020-27176 was published May 24, 2022
On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12...
Critical | Unreviewed | CVE-2020-5948 was published May 24, 2022
A cross-site scripting (XSS) vulnerability in AntSword v2.0.7 can remotely execute system commands.
Critical | Unreviewed | CVE-2020-18766 was published May 24, 2022
The Web Server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily...
Critical | Unreviewed | CVE-2022-30578 was published Sep 22, 2022
Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back...
Critical | Unreviewed | CVE-2020-13409 was published May 24, 2022
Notable 1.8.4 allows XSS via crafted Markdown text, with resultant remote code execution (because...
Critical | Unreviewed | CVE-2020-16608 was published May 24, 2022
Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back...
Critical | Unreviewed | CVE-2020-13407 was published May 24, 2022
myDBR 5.8.3/4262 is affected by: Cross Site Scripting (XSS). The impact is: execute arbitrary...
Critical | Unreviewed | CVE-2020-28149 was published May 24, 2022
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an authenticated low...
Critical | Unreviewed | CVE-2020-12517 was published May 24, 2022
components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound <= 4.0.1 allows remote...
Critical | Unreviewed | CVE-2021-3210 was published May 24, 2022
zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution (because...
Critical | Unreviewed | CVE-2020-35717 was published May 24, 2022
The Jetpack Scan team identified a Reflected Cross-Site Scripting in the Login Form of the...
Critical | Unreviewed | CVE-2021-24228 was published May 24, 2022
Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back...
Critical | Unreviewed | CVE-2020-13408 was published May 24, 2022
The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise...
Critical | Unreviewed | CVE-2021-28827 was published May 24, 2022
Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command...
Critical | Unreviewed | CVE-2021-31761 was published May 24, 2022
A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an...
Critical | Unreviewed | CVE-2021-3529 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.