GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,051
Erlang: 29
GitHub Actions: 19
Go: 1,887
Maven: 5,000+
npm: 3,602
NuGet: 638
pip: 3,205
Pub: 10
RubyGems: 852
Rust: 816
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
27,653 advisories
In Pandora FMS v7.0NG.761 and below, in the file manager section, the dirname parameter is...
Moderate | Unreviewed | CVE-2022-2032 was published Jul 26, 2022
In Pandora FMS v7.0NG.761 and below, in the agent creation section, the alias parameter is...
Moderate | Unreviewed | CVE-2022-2059 was published Jul 26, 2022
Joplin is vulnerable to arbitrary code execution
Critical | CVE-2022-35131 was published for joplin (npm) Jul 26, 2022
Django REST framework XSS Vulnerability
Moderate | CVE-2018-25045 was published for django-rest-framework (pip) Jul 24, 2022
Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.0.
Moderate | Unreviewed | CVE-2022-2494 was published Jul 23, 2022
Microweber Stored Cross-site Scripting before v1.2.20
Moderate | CVE-2022-2495 was published for microweber/microweber (Composer) Jul 23, 2022
A vulnerability in the web-based management interface of Cisco IoT Control Center could allow an...
Moderate | Unreviewed | CVE-2022-20916 was published Jul 23, 2022
Microweber before 1.2.21 vulnerable to reflected XSS
Moderate | CVE-2022-2470 was published for microweber/microweber (Composer) Jul 23, 2022
The Better PDF Exporter add-on 10.0.0 for Atlassian Jira is prone to stored XSS via a crafted...
Moderate | Unreviewed | CVE-2022-36131 was published Jul 23, 2022
Cross-site Scripting (XSS) vulnerability in the "commonuserinterface" component of BlueSpice...
Moderate | Unreviewed | CVE-2022-2511 was published Jul 23, 2022
Cross-site Scripting (XSS) vulnerability in "Extension:ExtendedSearch" of Hallo Welt! GmbH...
Moderate | Unreviewed | CVE-2022-2510 was published Jul 23, 2022
Multiple Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS)...
Moderate | Unreviewed | CVE-2022-34650 was published Jul 23, 2022
Multiple Authenticated (contributor or higher user role) Persistent Cross-Site Scripting (XSS)...
Moderate | Unreviewed | CVE-2022-34853 was published Jul 23, 2022
Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability...
Moderate | Unreviewed | CVE-2022-33191 was published Jul 23, 2022
Authenticated Stored Cross-Site Scripting (XSS) vulnerability in Florent Maillefaud's WP...
Moderate | Unreviewed | CVE-2022-30536 was published Jul 22, 2022
DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the...
Moderate | Unreviewed | CVE-2021-31858 was published Jul 21, 2022
Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflected cross-site scripting ...
Moderate | Unreviewed | CVE-2022-34048 was published Jul 21, 2022
Blogifier v3.0 was discovered to contain an arbitrary file upload vulnerability at /api/storage...
Moderate | Unreviewed | CVE-2022-35569 was published Jul 21, 2022
The main MiCODUS MV720 GPS tracker web server has a reflected cross-site scripting vulnerability...
Moderate | Unreviewed | CVE-2022-2199 was published Jul 21, 2022
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in René Hermenau's Social...
Moderate | Unreviewed | CVE-2021-36849 was published Jul 21, 2022
Authenticated (admin or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in...
Moderate | Unreviewed | CVE-2022-29923 was published Jul 21, 2022
Java Melody vulnerable to cross-site scripting
Critical | CVE-2016-1000273 was published for net.bull.javamelody:javamelody-core (Maven) Jul 20, 2022
A improper neutralization of input during web page generation ('cross-site scripting') in...
Moderate | Unreviewed | CVE-2022-29057 was published Jul 20, 2022
BigFix Web Reports authorized users may perform HTML injection for the email administrative...
Moderate | Unreviewed | CVE-2022-27545 was published Jul 20, 2022
IBM Sterling Partner Engagement Manager 6.1.2, 6.2, and Cloud/SasS 22.2 is vulnerable to cross...
Moderate | Unreviewed | CVE-2022-22417 was published Jul 20, 2022
ProTip! Advisories are also available from the GraphQL API