Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,768
Erlang
35
GitHub Actions
29
Go
2,332
Maven
5,000+
npm
3,965
NuGet
713
pip
3,748
Pub
12
RubyGems
921
Rust
975
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,708 advisories

Loading
Cross-site scripting (XSS) from unsanitized uploaded SVG files in Kirby High
CVE-2021-29460 was published for getkirby/cms (Composer) Apr 30, 2021
sreenathr10
Improper validation of URLs ('Cross-site Scripting') in Wagtail rich text fields High
CVE-2021-29434 was published for wagtail (pip) Apr 20, 2021
kevthehermit gasman
tdunlap607
Cross-site Scripting (XSS) in @scullyio/scully High
CVE-2020-28470 was published for @scullyio/scully (npm) Apr 13, 2021
Cross-site scripting in eZ Platform Kernel High
GHSA-mrvj-7q4f-5p42 was published for ezsystems/ezplatform-kernel (Composer) Mar 19, 2021
Reflected Cross-site Scripting in ACS Commons High
CVE-2021-21028 was published for com.adobe.acs:acs-aem-commons (Maven) Feb 2, 2021
XSS in Mautic High
CVE-2021-3142 was published for mautic/core (Composer) Jan 29, 2021
dennisameling
Denial of service attack via incorrect parameters in Matrix Synapse High
CVE-2020-26257 was published for matrix-synapse (pip) Dec 9, 2020
Cross-Site Scripting bypass in html-purify High
GHSA-5p28-63mc-cgr9 was published for html-purify (npm) Dec 4, 2020
Cross-Site Scripting through Fluid view helper arguments High
CVE-2020-26216 was published for typo3fluid/fluid (Composer) Nov 18, 2020
NamelessCoder jonaseberle
Cross-Site Scripting in scratch-svg-renderer High
CVE-2020-7750 was published for scratch-svg-renderer (npm) Nov 9, 2020
Inline attribute values were not processed. High
CVE-2020-15263 was published for orchid/platform (Composer) Oct 19, 2020
Potential XSS injection In PrestaShop contactform High
CVE-2020-15178 was published for prestashop/contactform (Composer) Sep 15, 2020
Cross-Site Scripting in node-red High
GHSA-5g6j-8hv4-vfgj was published for node-red (npm) Sep 11, 2020
Cross-Site Scripting in serve High
GHSA-xw79-hhv6-578c was published for serve (npm) Sep 11, 2020
Cross-Site Scripting in markdown-it-katex High
GHSA-5ff8-jcf9-fw62 was published for markdown-it-katex (npm) Sep 4, 2020
Cross-Site Scripting in atlasboard-atlassian-package High
GHSA-25v4-mcx4-hh35 was published for atlasboard-atlassian-package (npm) Sep 4, 2020
Cross-Site Scripting in nextcloud-vue-collections High
GHSA-whv6-rj84-2vh2 was published for nextcloud-vue-collections (npm) Sep 4, 2020
Cross-Site Scripting in react High
GHSA-hg79-j56m-fxgv was published for react (npm) Sep 4, 2020
apostolos
Cross-Site Scripting in markdown-to-jsx High
GHSA-ccrp-c664-8p4j was published for markdown-to-jsx (npm) Sep 3, 2020
Cross-Site Scripting in hexo-admin High
GHSA-phph-xpj4-wvcv was published for hexo-admin (npm) Sep 3, 2020
Cross-Site Scripting in snekserve High
GHSA-hv4w-jhcj-6wfw was published for snekserve (npm) Sep 3, 2020
Cross-Site Scripting in console-feed High
GHSA-g9wg-wq4f-2x5w was published for console-feed (npm) Sep 3, 2020
Cross-Site Scripting in dmn-js-properties-panel High
GHSA-h9wr-xr4r-66fh was published for dmn-js-properties-panel (npm) Sep 3, 2020
Cross-Site Scripting in cmmn-js-properties-panel High
GHSA-vmh4-322v-cfpc was published for cmmn-js-properties-panel (npm) Sep 3, 2020
Cross-Site Scripting in bpmn-js-properties-panel High
GHSA-vpj4-89q8-rh38 was published for bpmn-js-properties-panel (npm) Sep 3, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database