GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
302 advisories
Apache Airflow vulnerable to XSS
Critical: CVE-2017-17836 was published for apache-airflow (pip), Jan 25, 2019

Cross-site scripting in Swagger-UI
Critical: CVE-2019-17495 was published for io.springfox:springfox-swagger-ui (Maven), Oct 15, 2019

Invalid HTTP method overrides allow possible XSS or other attacks in Symfony
Critical: CVE-2019-10913 was published for symfony/http-foundation (Composer), Dec 2, 2019

Cross-Site Scripting in swagger-ui
Critical: CVE-2016-1000226 was published for swagger-ui (npm), Sep 1, 2020

Cross-Site Scripting in swagger-ui
Critical: CVE-2016-5682 was published for swagger-ui (npm), Sep 1, 2020

Cross-Site Scripting in swagger-ui
Critical: GHSA-g336-c7wv-8hp3 was published for swagger-ui (npm), Sep 1, 2020

Cross-Site Scripting in dompurify
Critical: GHSA-mjjq-c88q-qhr6 was published for dompurify (npm), Sep 3, 2020

Privilege Escalation in cordova-plugin-inappbrowser
Critical: CVE-2019-0219 was published for cordova-plugin-inappbrowser (npm), Sep 4, 2020

XSS vulnerability leveraged through referrers could allow un-authorized admin access in Mautic
Critical: CVE-2020-35124 was published for mautic/core (Composer), Jan 19, 2021

Cross-site Scripting (XSS) in Eclipse Theia
Critical: CVE-2020-27224 was published for @theia/preview (npm), Apr 13, 2021

XSS Cross Site Scripting
Critical: CVE-2021-29459 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven), Apr 22, 2021

XSS vulnerability with translator
Critical: CVE-2021-32671 was published for flarum/core (Composer), Jun 7, 2021

keycloak Self Stored Cross-site Scripting vulnerability
Critical: CVE-2021-20195 was published for org.keycloak:keycloak-core (Maven), Jun 8, 2021

Dolibarr Cross-site Scripting vulnerability
Critical: CVE-2021-25955 was published for dolibarr/dolibarr (Composer), Aug 30, 2021

Unsafe defaults in `remark-html`
Critical: CVE-2021-39199 was published for remark-html (npm), Sep 7, 2021

SQL Injection and Cross-site Scripting in class-validator
Critical: CVE-2019-18413 was published for class-validator (npm), Oct 12, 2021

Inconsistent input sanitisation leads to XSS vectors
Critical: CVE-2021-41132 was published for omero-figure (pip), Oct 14, 2021

XSS via prototype pollution in NodeBB
Critical: CVE-2021-43787 was published for nodebb (npm), Nov 30, 2021

In Teedy, versions v1.5 through v1.9 are vulnerable to Stored Cross-Site Scripting (XSS) in the...
Critical, Unreviewed: CVE-2022-22115 was published Jan 11, 2022

In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross-Site Scripting (XSS). The ...
Critical, Unreviewed: CVE-2022-22114 was published Jan 11, 2022

The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, TIBCO EBX Add...
Critical, Unreviewed: CVE-2022-22769 was published Jan 20, 2022

Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD without Refresh/Reload using...
Critical, Unreviewed: CVE-2021-40909 was published Jan 25, 2022

/usr/local/www/pkg.php in pfSense through 2.5.2 uses $_REQUEST['pkg_filter'] in a PHP echo call.
Critical, Unreviewed: CVE-2022-23993 was published Jan 27, 2022

MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This...
Critical, Unreviewed: CVE-2022-24123 was published Jan 31, 2022