GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
302 advisories
ezplatform-admin-ui vulnerable to Cross-Site Scripting (XSS)
Critical | GHSA-58h5-h554-429q was published for ezsystems/ezplatform-admin-ui (Composer) | Nov 10, 2022

Invalid HTTP method overrides allow possible XSS or other attacks in Symfony
Critical | CVE-2019-10913 was published for symfony/http-foundation (Composer) | Dec 2, 2019

Cross-Site Scripting in swagger-ui
Critical | CVE-2016-5682 was published for swagger-ui (npm) | Sep 1, 2020

Cross-Site Scripting in swagger-ui
Critical | CVE-2016-1000226 was published for swagger-ui (npm) | Sep 1, 2020

Cross-Site Scripting in dompurify
Critical | GHSA-mjjq-c88q-qhr6 was published for dompurify (npm) | Sep 3, 2020

Java Melody vulnerable to cross-site scripting
Critical | CVE-2016-1000273 was published for net.bull.javamelody:javamelody-core (Maven) | Jul 20, 2022

Cross-site Scripting in showdoc/showdoc
Critical | CVE-2022-0960 was published for showdoc/showdoc (Composer) | Mar 15, 2022

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Critical | Unreviewed | CVE-2022-25620 was published | Mar 31, 2022

A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs...
Critical | Unreviewed | CVE-2021-32157 was published | Apr 12, 2022

A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes Functionality of...
Critical | Unreviewed | CVE-2021-42136 was published | Apr 14, 2022

Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows...
Critical | Unreviewed | CVE-2022-1346 was published | Apr 14, 2022

Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to...
Critical | Unreviewed | CVE-2022-1344 was published | Apr 14, 2022

Cross-site Scripting in com.erudika:para-core
Critical | CVE-2022-1782 was published for com.erudika:para-core (Maven) | May 19, 2022

Cross site scripting in facturascripts
Critical | CVE-2022-1457 was published for neorazorx/facturascripts (Composer) | Apr 26, 2022

XWiki Platform Mentions UI vulnerable to Cross-site Scripting
Critical | CVE-2022-36098 was published for org.xwiki.platform:xwiki-platform-mentions-ui (Maven) | Sep 16, 2022

Privilege Escalation in cordova-plugin-inappbrowser
Critical | CVE-2019-0219 was published for cordova-plugin-inappbrowser (npm) | Sep 4, 2020

In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability....
Critical | Unreviewed | CVE-2022-32271 was published | Jun 4, 2022

SQL Injection and Cross-site Scripting in class-validator
Critical | CVE-2019-18413 was published for class-validator (npm) | Oct 12, 2021

Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client...
Critical | Unreviewed | CVE-2022-29095 was published | Jun 11, 2022

An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness...
Critical | Unreviewed | CVE-2021-0268 was published | May 24, 2022

In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to...
Critical | Unreviewed | CVE-2022-42711 was published | Oct 12, 2022

Stored XSS and SQL injection vulnerability in MaxBoard could lead to occur Remote Code Execution,...
Critical | Unreviewed | CVE-2021-26636 was published | Jun 24, 2022

ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin...
Critical | Unreviewed | CVE-2021-43702 was published | Jul 6, 2022

Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an...
Critical | Unreviewed | CVE-2022-2140 was published | Jun 28, 2022

Insufficient user input in Apache Jetspeed-2
Critical | CVE-2022-32533 was published for org.apache.portals.jetspeed-2:jetspeed-commons (Maven) | Jul 7, 2022

ProTip! Advisories are also available from the GraphQL API.