Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

176 advisories

Loading
Mark Text through 0.16.3 allows attackers arbitrary command execution. This could lead to Remote... Critical Unreviewed
CVE-2021-29996 was published May 24, 2022
myDBR 5.8.3/4262 is affected by: Cross Site Scripting (XSS). The impact is: execute arbitrary... Critical Unreviewed
CVE-2020-28149 was published May 24, 2022
components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound <= 4.0.1 allows remote... Critical Unreviewed
CVE-2021-3210 was published May 24, 2022
Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back... Critical Unreviewed
CVE-2020-13407 was published May 24, 2022
Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back... Critical Unreviewed
CVE-2020-13408 was published May 24, 2022
Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back... Critical Unreviewed
CVE-2020-13409 was published May 24, 2022
zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution (because... Critical Unreviewed
CVE-2020-35717 was published May 24, 2022
On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an authenticated low... Critical Unreviewed
CVE-2020-12517 was published May 24, 2022
On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12... Critical Unreviewed
CVE-2020-5948 was published May 24, 2022
Notable 1.8.4 allows XSS via crafted Markdown text, with resultant remote code execution (because... Critical Unreviewed
CVE-2020-16608 was published May 24, 2022
An XSS issue was found in the Shares feature of LiquidFiles before 3.3.19. The issue arises from... Critical Unreviewed
CVE-2020-29071 was published May 24, 2022
Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges... Critical Unreviewed
CVE-2020-15952 was published May 24, 2022
A cross-site scripting (XSS) vulnerability AntSword v2.0.7 can remotely execute system commands. Critical Unreviewed
CVE-2020-18766 was published May 24, 2022
Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this... Critical Unreviewed
CVE-2020-27176 was published May 24, 2022
** UNSUPPORTED WHEN ASSIGNED ** Leostream Connection Broker 8.2.x is affected by stored XSS. An... Critical Unreviewed
CVE-2020-26574 was published May 24, 2022
Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before before 2020.2.1... Critical Unreviewed
CVE-2020-13169 was published May 24, 2022
A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). The... Critical Unreviewed
CVE-2019-13923 was published May 24, 2022
Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway ... Critical Unreviewed
CVE-2019-3638 was published May 24, 2022
The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site... Critical Unreviewed
CVE-2019-15074 was published May 24, 2022
A remote bypass of security restrictions vulnerability was discovered in HPE 3PAR Service... Critical Unreviewed
CVE-2019-5397 was published May 24, 2022
The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in... Critical Unreviewed
CVE-2019-13478 was published May 24, 2022
It was found that Picketlink as shipped with Jboss Enterprise Application Platform 7.2 would... Critical Unreviewed
CVE-2019-3873 was published May 24, 2022
Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are... Critical Unreviewed
CVE-2018-18864 was published May 14, 2022
Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this... Critical Unreviewed
CVE-2019-7551 was published May 13, 2022
An issue was discovered in LAOBANCMS 2.0. It allows a /install/mysql_hy.php?riqi=0&i=0 attack to... Critical Unreviewed
CVE-2018-19222 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database