Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,051
Erlang
29
GitHub Actions
19
Go
1,887
Maven
5,000+
npm
3,602
NuGet
638
pip
3,205
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

27,653 advisories

Loading
In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is... Moderate Unreviewed
CVE-2022-2032 was published Jul 26, 2022
In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is... Moderate Unreviewed
CVE-2022-2059 was published Jul 26, 2022
Joplin is vulnerable to arbitrary code execution Critical
CVE-2022-35131 was published for joplin (npm) Jul 26, 2022
Django REST framework XSS Vulnerability Moderate
CVE-2018-25045 was published for django-rest-framework (pip) Jul 24, 2022
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0. Moderate Unreviewed
CVE-2022-2494 was published Jul 23, 2022
Microweber Stored Cross-site Scripting before v1.2.20 Moderate
CVE-2022-2495 was published for microweber/microweber (Composer) Jul 23, 2022
Serubin
A vulnerability in the web-based management interface of Cisco IoT Control Center could allow an... Moderate Unreviewed
CVE-2022-20916 was published Jul 23, 2022
Microweber before 1.2.21 vulnerable to reflected XSS Moderate
CVE-2022-2470 was published for microweber/microweber (Composer) Jul 23, 2022
The Better PDF Exporter add-on 10.0.0 for Atlassian Jira is prone to stored XSS via a crafted... Moderate Unreviewed
CVE-2022-36131 was published Jul 23, 2022
Cross-site Scripting (XSS) vulnerability in the "commonuserinterface" component of BlueSpice... Moderate Unreviewed
CVE-2022-2511 was published Jul 23, 2022
Cross-site Scripting (XSS) vulnerability in "Extension:ExtendedSearch" of Hallo Welt! GmbH... Moderate Unreviewed
CVE-2022-2510 was published Jul 23, 2022
Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS)... Moderate Unreviewed
CVE-2022-34650 was published Jul 23, 2022
Multiple Authenticated (contributor or higher user role) Persistent Cross-Site Scripting (XSS)... Moderate Unreviewed
CVE-2022-34853 was published Jul 23, 2022
Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability... Moderate Unreviewed
CVE-2022-33191 was published Jul 23, 2022
Authenticated Stored Cross-Site Scripting (XSS) vulnerability in Florent Maillefaud's WP... Moderate Unreviewed
CVE-2022-30536 was published Jul 22, 2022
DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the... Moderate Unreviewed
CVE-2021-31858 was published Jul 21, 2022
Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflected cross-site scripting ... Moderate Unreviewed
CVE-2022-34048 was published Jul 21, 2022
Blogifier v3.0 was discovered to contain an arbitrary file upload vulnerability at /api/storage... Moderate Unreviewed
CVE-2022-35569 was published Jul 21, 2022
The main MiCODUS MV720 GPS tracker web server has a reflected cross-site scripting vulnerability... Moderate Unreviewed
CVE-2022-2199 was published Jul 21, 2022
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in René Hermenau's Social... Moderate Unreviewed
CVE-2021-36849 was published Jul 21, 2022
Authenticated (admin or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in... Moderate Unreviewed
CVE-2022-29923 was published Jul 21, 2022
Java Melody vulnerable to cross-site scripting Critical
CVE-2016-1000273 was published for net.bull.javamelody:javamelody-core (Maven) Jul 20, 2022
A improper neutralization of input during web page generation ('cross-site scripting') in... Moderate Unreviewed
CVE-2022-29057 was published Jul 20, 2022
BigFix Web Reports authorized users may perform HTML injection for the email administrative... Moderate Unreviewed
CVE-2022-27545 was published Jul 20, 2022
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross... Moderate Unreviewed
CVE-2022-22417 was published Jul 20, 2022
ProTip! Advisories are also available from the GraphQL API