GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
176 advisories
Filter by severity
In Teedy, versions v1.5 through v1.9 are vulnerable to Stored Cross-Site Scripting (XSS) in the...
Critical
Unreviewed
CVE-2022-22115
was published
Jan 11, 2022
In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross-Site Scripting (XSS). The ...
Critical
Unreviewed
CVE-2022-22114
was published
Jan 11, 2022
The Web server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, TIBCO EBX Add...
Critical
Unreviewed
CVE-2022-22769
was published
Jan 20, 2022
Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD without Refresh/Reload using...
Critical
Unreviewed
CVE-2021-40909
was published
Jan 25, 2022
/usr/local/www/pkg.php in pfSense through 2.5.2 uses $_REQUEST['pkg_filter'] in a PHP echo call.
Critical
Unreviewed
CVE-2022-23993
was published
Jan 27, 2022
MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This...
Critical
Unreviewed
CVE-2022-24123
was published
Jan 31, 2022
The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.26,...
Critical
Unreviewed
CVE-2021-24814
was published
Feb 8, 2022
BeyondTrust Secure Remote Access Base Software through 6.0.1 allows an attacker to achieve full...
Critical
Unreviewed
CVE-2021-31589
was published
Feb 8, 2022
Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a remote unauthenticated...
Critical
Unreviewed
CVE-2022-21241
was published
Feb 9, 2022
A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool...
Critical
Unreviewed
CVE-2021-42940
was published
Feb 12, 2022
Cosmetics and Beauty Product Online Store v1.0 was discovered to contain multiple reflected cross...
Critical
Unreviewed
CVE-2022-25395
was published
Mar 4, 2022
Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability...
Critical
Unreviewed
CVE-2022-25069
was published
Mar 6, 2022
A vulnerability affecting F-Secure SAFE browser protection was discovered improper URL handling...
Critical
Unreviewed
CVE-2021-44749
was published
Mar 7, 2022
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Critical
Unreviewed
CVE-2022-25620
was published
Mar 31, 2022
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs...
Critical
Unreviewed
CVE-2021-32157
was published
Apr 12, 2022
Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to...
Critical
Unreviewed
CVE-2022-1344
was published
Apr 14, 2022
Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows...
Critical
Unreviewed
CVE-2022-1346
was published
Apr 14, 2022
A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes Functionality of...
Critical
Unreviewed
CVE-2021-42136
was published
Apr 14, 2022
Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which can lead to remote code...
Critical
Unreviewed
CVE-2022-28464
was published
Apr 28, 2022
Turtlapp Turtle Note v0.7.2.6 does not filter the <meta> tag during markdown parsing, allowing...
Critical
Unreviewed
CVE-2022-28101
was published
Apr 29, 2022
Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18...
Critical
Unreviewed
CVE-2022-1575
was published
May 6, 2022
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries...
Critical
Unreviewed
CVE-2018-9079
was published
May 13, 2022
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the...
Critical
Unreviewed
CVE-2017-8898
was published
May 13, 2022
IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while registering...
Critical
Unreviewed
CVE-2019-3709
was published
May 13, 2022
IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while uploading an...
Critical
Unreviewed
CVE-2019-3708
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API