GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,459
Composer 4,164
Erlang 30
GitHub Actions 19
Go 1,973
Maven 5,149
npm 3,695
NuGet 654
pip 3,312
Pub 11
RubyGems 881
Rust 831
Swift 35

Unreviewed advisories

All unreviewed 232,379

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

174 advisories

Filter by severity

Sort by

Least recently updated

In Teedy, versions v1.5 through v1.9 are vulnerable to Stored Cross-Site Scripting (XSS) in the... Critical Unreviewed

CVE-2022-22115 was published Jan 11, 2022

In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross-Site Scripting (XSS). The ... Critical Unreviewed

CVE-2022-22114 was published Jan 11, 2022

The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, TIBCO EBX Add... Critical Unreviewed

CVE-2022-22769 was published Jan 20, 2022

Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD without Refresh/Reload using... Critical Unreviewed

CVE-2021-40909 was published Jan 25, 2022

/usr/local/www/pkg.php in pfSense through 2.5.2 uses $_REQUEST['pkg_filter'] in a PHP echo call. Critical Unreviewed

CVE-2022-23993 was published Jan 27, 2022

MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This... Critical Unreviewed

CVE-2022-24123 was published Jan 31, 2022

The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.26,... Critical Unreviewed

CVE-2021-24814 was published Feb 8, 2022

BeyondTrust Secure Remote Access Base Software through 6.0.1 allows an attacker to achieve full... Critical Unreviewed

CVE-2021-31589 was published Feb 8, 2022

Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a remote unauthenticated... Critical Unreviewed

CVE-2022-21241 was published Feb 9, 2022

A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool... Critical Unreviewed

CVE-2021-42940 was published Feb 12, 2022

Cosmetics and Beauty Product Online Store v1.0 was discovered to contain multiple reflected cross... Critical Unreviewed

CVE-2022-25395 was published Mar 4, 2022

Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability... Critical Unreviewed

CVE-2022-25069 was published Mar 6, 2022

A vulnerability affecting F-Secure SAFE browser protection was discovered improper URL handling... Critical Unreviewed

CVE-2021-44749 was published Mar 7, 2022

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Critical Unreviewed

CVE-2022-25620 was published Mar 31, 2022

A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs... Critical Unreviewed

CVE-2021-32157 was published Apr 12, 2022

Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows... Critical Unreviewed

CVE-2022-1346 was published Apr 14, 2022

Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to... Critical Unreviewed

CVE-2022-1344 was published Apr 14, 2022

A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes Functionality of... Critical Unreviewed

CVE-2021-42136 was published Apr 14, 2022

Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which can lead to remote code... Critical Unreviewed

CVE-2022-28464 was published Apr 28, 2022

Turtlapp Turtle Note v0.7.2.6 does not filter the <meta> tag during markdown parsing, allowing... Critical Unreviewed

CVE-2022-28101 was published Apr 29, 2022

Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18... Critical Unreviewed

CVE-2022-1575 was published May 6, 2022

For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries... Critical Unreviewed

CVE-2018-9079 was published May 13, 2022

Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the... Critical Unreviewed

CVE-2017-8898 was published May 13, 2022

IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while uploading an... Critical Unreviewed

CVE-2019-3708 was published May 13, 2022

IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while registering... Critical Unreviewed

CVE-2019-3709 was published May 13, 2022

Previous 1 2 3 4 5 6 7 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

174 advisories