Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

302 advisories

Loading
ezplatform-admin-ui vulnerable to Cross-Site Scripting (XSS) Critical
GHSA-58h5-h554-429q was published for ezsystems/ezplatform-admin-ui (Composer) Nov 10, 2022
Invalid HTTP method overrides allow possible XSS or other attacks in Symfony Critical
CVE-2019-10913 was published for symfony/http-foundation (Composer) Dec 2, 2019
Cross-Site Scripting in swagger-ui Critical
CVE-2016-5682 was published for swagger-ui (npm) Sep 1, 2020
Cross-Site Scripting in swagger-ui Critical
CVE-2016-1000226 was published for swagger-ui (npm) Sep 1, 2020
Cross-Site Scripting in dompurify Critical
GHSA-mjjq-c88q-qhr6 was published for dompurify (npm) Sep 3, 2020
Java Melody vulnerable to cross-site scripting Critical
CVE-2016-1000273 was published for net.bull.javamelody:javamelody-core (Maven) Jul 20, 2022
Cross-site Scripting in showdoc/showdoc Critical
CVE-2022-0960 was published for showdoc/showdoc (Composer) Mar 15, 2022
Cross-site Scripting in com.erudika:para-core Critical
CVE-2022-1782 was published for com.erudika:para-core (Maven) May 19, 2022
Cross site scripting in facturascripts Critical
CVE-2022-1457 was published for neorazorx/facturascripts (Composer) Apr 26, 2022
XWiki Platform Mentions UI vulnerable to Cross-site Scripting Critical
CVE-2022-36098 was published for org.xwiki.platform:xwiki-platform-mentions-ui (Maven) Sep 16, 2022
Privilege Escalation in cordova-plugin-inappbrowser Critical
CVE-2019-0219 was published for cordova-plugin-inappbrowser (npm) Sep 4, 2020
SQL Injection and Cross-site Scripting in class-validator Critical
CVE-2019-18413 was published for class-validator (npm) Oct 12, 2021
Insufficient user input in Apache Jetspeed-2 Critical
CVE-2022-32533 was published for org.apache.portals.jetspeed-2:jetspeed-commons (Maven) Jul 7, 2022
ProTip! Advisories are also available from the GraphQL API