Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,164
Erlang
30
GitHub Actions
19
Go
1,973
Maven
5,000+
npm
3,695
NuGet
654
pip
3,312
Pub
11
RubyGems
881
Rust
831
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

174 advisories

Loading
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Critical Unreviewed
CVE-2022-25620 was published Mar 31, 2022
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs... Critical Unreviewed
CVE-2021-32157 was published Apr 12, 2022
A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes Functionality of... Critical Unreviewed
CVE-2021-42136 was published Apr 14, 2022
Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows... Critical Unreviewed
CVE-2022-1346 was published Apr 14, 2022
Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to... Critical Unreviewed
CVE-2022-1344 was published Apr 14, 2022
In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability.... Critical Unreviewed
CVE-2022-32271 was published Jun 4, 2022
Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client... Critical Unreviewed
CVE-2022-29095 was published Jun 11, 2022
An Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') weakness... Critical Unreviewed
CVE-2021-0268 was published May 24, 2022
In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to... Critical Unreviewed
CVE-2022-42711 was published Oct 12, 2022
Stored XSS and SQL injection vulnerability in MaxBoard could lead to occur Remote Code Execution,... Critical Unreviewed
CVE-2021-26636 was published Jun 24, 2022
ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin... Critical Unreviewed
CVE-2021-43702 was published Jul 6, 2022
Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an... Critical Unreviewed
CVE-2022-2140 was published Jun 28, 2022
The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags... Critical Unreviewed
CVE-2021-24884 was published May 24, 2022
Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to... Critical Unreviewed
CVE-2020-19586 was published Sep 15, 2022
A reflected cross-site scripting (xss) vulnerability exists in the charts tab selection... Critical Unreviewed
CVE-2022-26842 was published Aug 23, 2022
A vulnerability was found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by... Critical Unreviewed
CVE-2022-4354 was published Dec 8, 2022
Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway ... Critical Unreviewed
CVE-2019-3638 was published May 24, 2022
Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges... Critical Unreviewed
CVE-2020-15952 was published May 24, 2022
Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1... Critical Unreviewed
CVE-2020-13169 was published May 24, 2022
An XSS issue was found in the Shares feature of LiquidFiles before 3.3.19. The issue arises from... Critical Unreviewed
CVE-2020-29071 was published May 24, 2022
Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this... Critical Unreviewed
CVE-2020-27176 was published May 24, 2022
On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12... Critical Unreviewed
CVE-2020-5948 was published May 24, 2022
A cross-site scripting (XSS) vulnerability AntSword v2.0.7 can remotely execute system commands. Critical Unreviewed
CVE-2020-18766 was published May 24, 2022
The Web Server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily... Critical Unreviewed
CVE-2022-30578 was published Sep 22, 2022
Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back... Critical Unreviewed
CVE-2020-13409 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database