Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+

302 advisories

Loading
An issue was discovered in LAOBANCMS 2.0. It allows a /install/mysql_hy.php?riqi=0&i=0 attack to... Critical Unreviewed
CVE-2018-19222 was published May 13, 2022
Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this... Critical Unreviewed
CVE-2019-7551 was published May 13, 2022
Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are... Critical Unreviewed
CVE-2018-18864 was published May 14, 2022
Django Allows Redirect via Data URL Critical
CVE-2012-3442 was published for django (pip) May 17, 2022
Cross-site Scripting in com.erudika:para-core Critical
CVE-2022-1782 was published for com.erudika:para-core (Maven) May 19, 2022
Publify vulnerable to cross site scripting Critical
CVE-2022-1811 was published for publify_core (RubyGems) May 24, 2022
It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would... Critical Unreviewed
CVE-2019-3873 was published May 24, 2022
The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in... Critical Unreviewed
CVE-2019-13478 was published May 24, 2022
A remote bypass of security restrictions vulnerability was discovered in HPE 3PAR Service... Critical Unreviewed
CVE-2019-5397 was published May 24, 2022
The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site... Critical Unreviewed
CVE-2019-15074 was published May 24, 2022
Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway ... Critical Unreviewed
CVE-2019-3638 was published May 24, 2022
A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). The... Critical Unreviewed
CVE-2019-13923 was published May 24, 2022
Rambox RCE Vulnerability Critical
CVE-2019-17625 was published for Rambox (npm) May 24, 2022
Dolibarr Cross-site Scripting via the qty parameter in product/fournisseurs.php Critical
CVE-2019-19212 was published for dolibarr/dolibarr (Composer) May 24, 2022
Magento DOM-based Cross-site scripting vulnerability Critical
CVE-2020-9691 was published for magento/community-edition (Composer) May 24, 2022
Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1... Critical Unreviewed
CVE-2020-13169 was published May 24, 2022
** UNSUPPORTED WHEN ASSIGNED ** Leostream Connection Broker 8.2.x is affected by stored XSS. An... Critical Unreviewed
CVE-2020-26574 was published May 24, 2022
Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this... Critical Unreviewed
CVE-2020-27176 was published May 24, 2022
A cross-site scripting (XSS) vulnerability AntSword v2.0.7 can remotely execute system commands. Critical Unreviewed
CVE-2020-18766 was published May 24, 2022
Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges... Critical Unreviewed
CVE-2020-15952 was published May 24, 2022
An XSS issue was found in the Shares feature of LiquidFiles before 3.3.19. The issue arises from... Critical Unreviewed
CVE-2020-29071 was published May 24, 2022
Notable 1.8.4 allows XSS via crafted Markdown text, with resultant remote code execution (because... Critical Unreviewed
CVE-2020-16608 was published May 24, 2022
On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12... Critical Unreviewed
CVE-2020-5948 was published May 24, 2022
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an authenticated low... Critical Unreviewed
CVE-2020-12517 was published May 24, 2022
zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution (because... Critical Unreviewed
CVE-2020-35717 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database