GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,051
Erlang: 29
GitHub Actions: 19
Go: 1,887
Maven: 5,000+
npm: 3,602
NuGet: 638
pip: 3,205
Pub: 10
RubyGems: 852
Rust: 816
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
27,653 advisories
Inout Blockchain AltExchanger v1.2.1 was discovered to contain a cross-site scripting (XSS)...
Moderate | Unreviewed | CVE-2022-34988 was published Jul 27, 2022

Paymoney v3.3 was discovered to contain multiple reflected cross-site scripting (XSS)...
Moderate | Unreviewed | CVE-2022-34991 was published Jul 27, 2022

Insufficient data validation in Trusted Types in Google Chrome prior to 101.0.4951.41 allowed a...
Moderate | Unreviewed | CVE-2022-1494 was published Jul 27, 2022

Insufficient data validation in Blink Editing in Google Chrome prior to 101.0.4951.41 allowed a...
Moderate | Unreviewed | CVE-2022-1492 was published Jul 27, 2022

InMailX Outlook Plugin < 3.22.0101 is vulnerable to Cross Site Scripting (XSS). InMailX...
Moderate | Unreviewed | CVE-2022-27105 was published Jul 27, 2022

Fava time and filter parameters vulnerable to reflected XSS before v1.22
Moderate | CVE-2022-2514 was published for fava (pip) Jul 26, 2022

grapesjs before 0.19.5 vulnerable to Cross-site Scripting
Moderate | CVE-2022-21802 was published for grapesjs (npm) Jul 26, 2022

Fava vulnerable to Reflected Cross-site Scripting before v1.22.2
Moderate | CVE-2022-2523 was published for fava (pip) Jul 26, 2022

The Request a Quote WordPress plugin through 2.3.7 does not sanitise and escape some of its...
Moderate | Unreviewed | CVE-2022-2239 was published Jul 26, 2022

The Name Directory WordPress plugin before 1.25.3 does not sanitise and escape a parameter before...
Moderate | Unreviewed | CVE-2022-2072 was published Jul 26, 2022

The Unyson WordPress plugin before 2.7.27 does not sanitise and escape a parameter before...
High | Unreviewed | CVE-2022-2219 was published Jul 26, 2022

The W-DALIL WordPress plugin through 2.0 does not sanitise and escape some of its fields, which...
Moderate | Unreviewed | CVE-2022-2340 was published Jul 26, 2022

The Simple Page Transition WordPress plugin through 1.4.1 does not sanitise and escape some of...
Moderate | Unreviewed | CVE-2022-2341 was published Jul 26, 2022

The WP Video Lightbox WordPress plugin before 1.9.5 does not escape the $_SERVER['REQUEST_URI']...
Moderate | Unreviewed | CVE-2022-2189 was published Jul 26, 2022

The Popup Anything WordPress plugin before 2.1.7 does not sanitise and escape a parameter before...
Moderate | Unreviewed | CVE-2022-2115 was published Jul 26, 2022

The Allow SVG Files WordPress plugin through 1.1 does not sanitise uploaded SVG files, which...
Moderate | Unreviewed | CVE-2022-2299 was published Jul 26, 2022

The Header Footer Code Manager WordPress plugin before 1.1.24 does not escape generated URLs...
Moderate | Unreviewed | CVE-2022-0899 was published Jul 26, 2022

OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross...
Moderate | Unreviewed | CVE-2022-34961 was published Jul 26, 2022

markdown-it-toc Cross-site Scripting due to title of generated toc and contents of header not being escaped
Moderate | CVE-2020-28455 was published for markdown-it-toc (npm) Jul 26, 2022

OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross...
Moderate | Unreviewed | CVE-2022-34964 was published Jul 26, 2022

OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross...
Moderate | Unreviewed | CVE-2022-34963 was published Jul 26, 2022

Moodle LTI module reflected XSS risk
Moderate | CVE-2022-35653 was published for moodle/moodle (Composer) Jul 26, 2022

Moodle Stored XSS and blind SSRF possible via SCORM track details
Moderate | CVE-2022-35651 was published for moodle/moodle (Composer) Jul 26, 2022

OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross...
Moderate | Unreviewed | CVE-2022-34962 was published Jul 26, 2022

Western Digital My Cloud devices are vulnerable to a cross site scripting vulnerability that can...
Moderate | Unreviewed | CVE-2022-22999 was published Jul 26, 2022
ProTip! Advisories are also available from the GraphQL API.