Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,164
Erlang
30
GitHub Actions
19
Go
1,973
Maven
5,000+
npm
3,695
NuGet
654
pip
3,311
Pub
11
RubyGems
881
Rust
831
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

933 advisories

Loading
hoppscotch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor High Unreviewed
CVE-2022-0121 was published Jan 7, 2022
Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability. High Unreviewed
CVE-2022-21932 was published Jan 12, 2022
On BIG-IP DNS & GTM version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and... High Unreviewed
CVE-2022-23013 was published Jan 26, 2022
On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access... High Unreviewed
CVE-2022-23008 was published Jan 26, 2022
textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A... High Unreviewed
CVE-2021-44082 was published Mar 31, 2022
Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin... High Unreviewed
CVE-2022-1347 was published Apr 14, 2022
A remote attacker with write access to PI ProcessBook files could inject code that is imported... High Unreviewed
CVE-2020-25163 was published Apr 19, 2022
Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to... High Unreviewed
CVE-2004-1875 was published Apr 29, 2022
Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass... High Unreviewed
CVE-2007-3482 was published May 1, 2022
Cross-zone scripting vulnerability in the Internet Explorer web control in Skype 3.6.0.244, and... High Unreviewed
CVE-2008-0454 was published May 1, 2022
The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.1 for... High Unreviewed
CVE-2013-4225 was published May 5, 2022
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to... High Unreviewed
CVE-2021-25268 was published May 6, 2022
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin... High Unreviewed
CVE-2021-25267 was published May 6, 2022
On 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to... High Unreviewed
CVE-2022-28716 was published May 6, 2022
PSI GridConnect GmbH Telecontrol Gateway and Smart Telecontrol Unit family, IEC104 Security Proxy... High Unreviewed
CVE-2019-6528 was published May 13, 2022
Cross-site scripting in usertable.php in TerraMaster TOS version 3.1.03 allows attackers to... High Unreviewed
CVE-2018-13359 was published May 13, 2022
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly... High Unreviewed
CVE-2019-0668 was published May 13, 2022
Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary... High Unreviewed
CVE-2019-9164 was published May 13, 2022
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has a composite of Stored XSS... High Unreviewed
CVE-2017-8899 was published May 13, 2022
The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history... High Unreviewed
CVE-2011-3046 was published May 13, 2022
Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a... High Unreviewed
CVE-2017-12343 was published May 13, 2022
A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can... High Unreviewed
CVE-2017-10612 was published May 13, 2022
Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite ... High Unreviewed
CVE-2017-3557 was published May 13, 2022
Microsoft SharePoint Server allows an elevation of privilege vulnerability due to the way that it... High Unreviewed
CVE-2017-8569 was published May 13, 2022
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an... High Unreviewed
CVE-2018-0909 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database