Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,778
Erlang
35
GitHub Actions
29
Go
2,332
Maven
5,000+
npm
3,966
NuGet
713
pip
3,759
Pub
12
RubyGems
921
Rust
975
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,715 advisories

Loading
Stored Cross-site Scripting vulnerability in Jenkins Environment Dashboard Plugin High
CVE-2022-27213 was published for io.jenkins.plugins:environment-dashboard (Maven) Mar 16, 2022
NotMyFault
Cross-site Scripting in microweber High
CVE-2022-0930 was published for microweber/microweber (Composer) Mar 13, 2022
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in view_component High
CVE-2022-24722 was published for view_component (RubyGems) Mar 2, 2022
Cross site scripting in @awsui/components-react High
CVE-2022-24709 was published for @awsui/components-react (npm) Feb 25, 2022
Cross-site Scripting in Microweber High
CVE-2022-0719 was published for microweber/microweber (Composer) Feb 24, 2022
Cross-site Scripting in Prism High
CVE-2022-23647 was published for prismjs (npm) Feb 22, 2022
Cross-site Scripting in microweber High
CVE-2022-0690 was published for microweber/microweber (Composer) Feb 20, 2022
Stored Cross-site Scripting vulnerability in Jenkins Custom Checkbox Parameter Plugin High
CVE-2022-25189 was published for io.jenkins.plugins:custom-checkbox-parameter (Maven) Feb 16, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Agent Server Parameter Plugin High
CVE-2022-25191 was published for io.jenkins.plugins:agent-server-parameter (Maven) Feb 16, 2022
NotMyFault
Cross site scripting in registration template in xwiki-platform High
CVE-2022-23622 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Feb 9, 2022
Cross site scripting in three.js High
CVE-2022-0177 was published for three (npm) Jan 27, 2022 withdrawn
On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access... High Unreviewed
CVE-2022-23008 was published Jan 26, 2022
On BIG-IP DNS & GTM version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and... High Unreviewed
CVE-2022-23013 was published Jan 26, 2022
Cross-site Scripting in HTML2PDF High
CVE-2021-45394 was published for spipu/html2pdf (Composer) Jan 21, 2022
Code Injection in microweber High
CVE-2022-0282 was published for microweber/microweber (Composer) Jan 21, 2022
Reflected cross-site scripting (XSS) vulnerability High
CVE-2022-0087 was published for @keystone-6/auth (npm) Jan 12, 2022
Shivansh-Khari
Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability. High Unreviewed
CVE-2022-21932 was published Jan 12, 2022
hoppscotch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor High Unreviewed
CVE-2022-0121 was published Jan 7, 2022
Sandbox bypass in Latte templates High
CVE-2022-21648 was published for latte/latte (Composer) Jan 6, 2022
Incorrect sanitisation function leads to `XSS` in mermaid High
CVE-2021-43861 was published for mermaid (npm) Jan 6, 2022
AjaxNetProfessional deserializes arbitrary JavaScript objects High
CVE-2021-43853 was published for AjaxNetProfessional (NuGet) Jan 6, 2022
jsk95 ashmind
Unsafe inline XSS in pasting DOM element into chat High
CVE-2021-39183 was published for github.com/owncast/owncast (Go) Dec 14, 2021
intrigus-lgtm
django-helpdesk is vulnerable to Cross-site Scripting High
CVE-2021-3994 was published for django-helpdesk (pip) Dec 3, 2021
kimai2 is vulnerable to Cross-site Scripting High
CVE-2021-3985 was published for kevinpapst/kimai2 (Composer) Dec 3, 2021
Cross-Site Scripting vulnerability in @backstage/plugin-auth-backend High
CVE-2021-43776 was published for @backstage/plugin-auth-backend (npm) Dec 1, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database