Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,051
Erlang
29
GitHub Actions
19
Go
1,887
Maven
5,000+
npm
3,602
NuGet
638
pip
3,205
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

27,653 advisories

Loading
Inout Blockchain AltExchanger v1.2.1 was discovered to contain a cross-site scripting (XSS)... Moderate Unreviewed
CVE-2022-34988 was published Jul 27, 2022
Paymoney v3.3 was discovered to contain multiple reflected cross-site scripting (XSS)... Moderate Unreviewed
CVE-2022-34991 was published Jul 27, 2022
Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a... Moderate Unreviewed
CVE-2022-1494 was published Jul 27, 2022
Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a... Moderate Unreviewed
CVE-2022-1492 was published Jul 27, 2022
InMailX Outlook Plugin < 3.22.0101 is vulnerable to Cross Site Scripting (XSS). InMailX... Moderate Unreviewed
CVE-2022-27105 was published Jul 27, 2022
Fava time and filter parameters vulnerable to reflected XSS before v1.22 Moderate
CVE-2022-2514 was published for fava (pip) Jul 26, 2022
grapesjs before 0.19.5 vulnerable to Cross-site Scripting Moderate
CVE-2022-21802 was published for grapesjs (npm) Jul 26, 2022
Fava vulnerable to Reflected Cross-site Scripting before v1.22.2 Moderate
CVE-2022-2523 was published for fava (pip) Jul 26, 2022
The Request a Quote WordPress plugin through 2.3.7 does not sanitise and escape some of its... Moderate Unreviewed
CVE-2022-2239 was published Jul 26, 2022
The Name Directory WordPress plugin before 1.25.3 does not sanitise and escape a parameter before... Moderate Unreviewed
CVE-2022-2072 was published Jul 26, 2022
The Unyson WordPress plugin before 2.7.27 does not sanitise and escape a parameter before... High Unreviewed
CVE-2022-2219 was published Jul 26, 2022
The W-DALIL WordPress plugin through 2.0 does not sanitise and escape some of its fields, which... Moderate Unreviewed
CVE-2022-2340 was published Jul 26, 2022
The Simple Page Transition WordPress plugin through 1.4.1 does not sanitise and escape some of... Moderate Unreviewed
CVE-2022-2341 was published Jul 26, 2022
The WP Video Lightbox WordPress plugin before 1.9.5 does not escape the $_SERVER['REQUEST_URI']... Moderate Unreviewed
CVE-2022-2189 was published Jul 26, 2022
The Popup Anything WordPress plugin before 2.1.7 does not sanitise and escape a parameter before... Moderate Unreviewed
CVE-2022-2115 was published Jul 26, 2022
The Allow SVG Files WordPress plugin through 1.1 does not sanitise uploaded SVG files, which... Moderate Unreviewed
CVE-2022-2299 was published Jul 26, 2022
The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs... Moderate Unreviewed
CVE-2022-0899 was published Jul 26, 2022
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross... Moderate Unreviewed
CVE-2022-34961 was published Jul 26, 2022
markdown-it-toc Cross-site Scripting due to title of generated toc and contents of header not being escaped Moderate
CVE-2020-28455 was published for markdown-it-toc (npm) Jul 26, 2022
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross... Moderate Unreviewed
CVE-2022-34964 was published Jul 26, 2022
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross... Moderate Unreviewed
CVE-2022-34963 was published Jul 26, 2022
Moodle LTI module reflected XSS risk Moderate
CVE-2022-35653 was published for moodle/moodle (Composer) Jul 26, 2022
Moodle Stored XSS and blind SSRF possible via SCORM track details Moderate
CVE-2022-35651 was published for moodle/moodle (Composer) Jul 26, 2022
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross... Moderate Unreviewed
CVE-2022-34962 was published Jul 26, 2022
Western Digital My Cloud devices are vulnerable to a cross side scripting vulnerability that can... Moderate Unreviewed
CVE-2022-22999 was published Jul 26, 2022
ProTip! Advisories are also available from the GraphQL API