Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

25,567 advisories

Loading
Cross-site scripting in Zimbra Moderate Unreviewed
CVE-2020-11737 was published May 25, 2021
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS. Moderate Unreviewed
CVE-2021-43977 was published Nov 17, 2021
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered in WordPress Backup... Moderate Unreviewed
CVE-2021-36884 was published Nov 20, 2021
The Preview E-Mails for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site... Moderate Unreviewed
CVE-2021-42363 was published Nov 20, 2021
The "WPO365 | LOGIN" WordPress plugin (up to and including version 15.3) by wpo365.com is... Moderate Unreviewed
CVE-2021-43409 was published Nov 20, 2021
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector... Moderate Unreviewed
CVE-2021-40131 was published Nov 20, 2021
OX App Suite 7.10.5 allows XSS via an OX Chat system message. Moderate Unreviewed
CVE-2021-33495 was published Nov 23, 2021
OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG element in a truncated e... Moderate Unreviewed
CVE-2021-38375 was published Nov 23, 2021
OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within... Moderate Unreviewed
CVE-2021-38377 was published Nov 23, 2021
OX App Suite through 7.10.5 allows XSS via JavaScript code in a shared XCF file. Moderate Unreviewed
CVE-2021-33489 was published Nov 23, 2021
OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering. Moderate Unreviewed
CVE-2021-33494 was published Nov 23, 2021
OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shared mail signature. Moderate Unreviewed
CVE-2021-33490 was published Nov 23, 2021
Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a... Moderate Unreviewed
CVE-2021-37999 was published Nov 24, 2021
The eCommerce Product Catalog Plugin for WordPress plugin before 3.0.39 does not escape the ic... Moderate Unreviewed
CVE-2021-24875 was published Nov 24, 2021
A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a... Moderate Unreviewed
CVE-2021-31852 was published Nov 24, 2021
The Logo Showcase with Slick Slider WordPress plugin before 1.2.4 does not sanitise the Grid... Moderate Unreviewed
CVE-2021-24729 was published Nov 24, 2021
The BetterLinks WordPress plugin before 1.2.6 does not sanitise and escape some of imported link... Moderate Unreviewed
CVE-2021-24812 was published Nov 24, 2021
The Advanced Access Manager WordPress plugin before 6.8.0 does not escape some of its settings... Moderate Unreviewed
CVE-2021-24830 was published Nov 24, 2021
Cross-site scripting vulnerability in Booking Package - Appointment Booking Calendar System... Moderate Unreviewed
CVE-2021-20840 was published Nov 25, 2021
Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities in WordPress Awesome... Moderate Unreviewed
CVE-2021-36919 was published Nov 27, 2021
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Floating... Moderate Unreviewed
CVE-2021-36843 was published Nov 27, 2021
Stored cross-site scripting (XSS) was possible in activity details. The following products are... Moderate Unreviewed
CVE-2021-44202 was published Nov 30, 2021
Self cross-site scripting (XSS) was possible on devices page. The following products are affected... Moderate Unreviewed
CVE-2021-44200 was published Nov 30, 2021
Stored cross-site scripting (XSS) was possible in protection plan details. The following products... Moderate Unreviewed
CVE-2021-44203 was published Nov 30, 2021
Cross-site scripting (XSS) was possible in notification pop-ups. The following products are... Moderate Unreviewed
CVE-2021-44201 was published Nov 30, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database