Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,164
Erlang
30
GitHub Actions
19
Go
1,973
Maven
5,000+
npm
3,695
NuGet
654
pip
3,312
Pub
11
RubyGems
881
Rust
831
Swift
35
Unreviewed advisories
All unreviewed
5,000+

25,779 advisories

Loading
Moderate severity vulnerability that affects DotNetNuke.Core Moderate
CVE-2015-1566 was published for DotNetNuke.Core (NuGet) Oct 16, 2018
Cross-Site Scripting in @risingstack/protect Moderate
CVE-2018-1000160 was published for @risingstack/protect (npm) Apr 25, 2018
Moderate severity vulnerability that affects org.apache.jspwiki:jspwiki-main Moderate
CVE-2019-0224 was published for org.apache.jspwiki:jspwiki-main (Maven) Apr 2, 2019
Multiple XSS Filter Bypasses in validator Moderate
CVE-2013-7454 was published for validator (npm) Oct 24, 2017
Cross-Site Scripting in simple-markdown Moderate
CVE-2019-9844 was published for simple-markdown (npm) Apr 9, 2019
Moderate severity vulnerability that affects org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11 Moderate
CVE-2017-7678 was published for org.apache.spark:spark-core_2.10 (Maven) Nov 9, 2018
Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML Moderate
CVE-2016-5395 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
Moderate severity vulnerability that affects org.b3log:symphony Moderate
CVE-2019-9142 was published for org.b3log:symphony (Maven) Mar 6, 2019
Cross-site Scripting in jspwiki-war Moderate
CVE-2018-20242 was published for org.apache.jspwiki:jspwiki-war (Maven) Feb 12, 2019
Multiple Content Injection Vulnerabilities in marked Moderate
CVE-2014-3743 was published for marked (npm) Aug 31, 2020
Moderate severity vulnerability that affects org.grails.plugins:fields and org.grails:grails-core Moderate
CVE-2018-1000529 was published for org.grails.plugins:fields (Maven) Oct 19, 2018
Moderate severity vulnerability that affects validator Moderate
CVE-2013-7451 was published for validator (npm) Oct 24, 2017
Next.js has cross site scripting (XSS) vulnerability via the 404 or 500 /_error page Moderate
CVE-2018-18282 was published for next (npm) Oct 15, 2018
Moderate severity vulnerability that affects org.hswebframework.web:hsweb-commons Moderate
CVE-2018-20594 was published for org.hswebframework.web:hsweb-commons (Maven) Jan 4, 2019
Moderate severity vulnerability that affects validator Moderate
CVE-2013-7452 was published for validator (npm) Oct 24, 2017
Apache Ranger admin users can store some arbitrary javascript code to be executed when normal users login and access policies Moderate
CVE-2016-8751 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
Moderate severity vulnerability that affects Zope2 Moderate
CVE-2010-1104 was published for Zope2 (pip) Jul 23, 2018
Cross-Site Scripting in @berslucas/liljs Moderate
GHSA-c53x-wwx2-pg96 was published for @berslucas/liljs (npm) Sep 3, 2020
XSS via JQLite DOM manipulation functions in AngularJS Moderate
GHSA-5cp4-xmrw-59wf was published for angular (npm) Aug 5, 2020
koto masatokinugawa
Cross-Site Scripting in Wagtail Moderate
CVE-2020-15118 was published for wagtail (pip) Jul 20, 2020
acarasimon96
Cross-Site Scripting in google-closure-library Moderate
GHSA-r9q4-w3fm-wrm2 was published for google-closure-library (npm) Sep 2, 2020
Cross-Site Scripting in serve Moderate
GHSA-cpgr-wmr9-qxv4 was published for serve (npm) Sep 11, 2020
Cross-Site Scripting in swagger-ui Moderate
GHSA-388g-jwpg-x6j4 was published for swagger-ui (npm) Sep 11, 2020
Cross-Site Scripting in swagger-ui Moderate
GHSA-vp93-gcx5-4w52 was published for swagger-ui (npm) Sep 11, 2020
Cross-Site Scripting in swagger-ui Moderate
GHSA-w992-2gmj-9xxj was published for swagger-ui (npm) Sep 11, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database