GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,901 advisories

Cross-Site Scripting in eco High
GHSA-r32x-jhw5-g48p was published for eco (npm) Sep 3, 2020
Cross-site scripting in eZ Platform Kernel High
GHSA-mrvj-7q4f-5p42 was published for ezsystems/ezplatform-kernel (Composer) Mar 19, 2021
Cross-Site Scripting in react High
GHSA-hg79-j56m-fxgv was published for react (npm) Sep 4, 2020
apostolos
Cross-Site Scripting in ngx-md High
GHSA-xr53-m937-jr9c was published for ngx-md (npm) Sep 3, 2020
Cross-Site Scripting in console-feed High
GHSA-g9wg-wq4f-2x5w was published for console-feed (npm) Sep 3, 2020
Cross-Site Scripting in markdown-to-jsx High
GHSA-ccrp-c664-8p4j was published for markdown-to-jsx (npm) Sep 3, 2020
Cross-Site Scripting in nextcloud-vue-collections High
GHSA-whv6-rj84-2vh2 was published for nextcloud-vue-collections (npm) Sep 4, 2020
Cross-Site Scripting in lazysizes High
GHSA-w4vp-3mq7-7v82 was published for lazysizes (npm) Sep 3, 2020
Inline attribute values were not processed. High
CVE-2020-15263 was published for orchid/platform (Composer) Oct 19, 2020
Cross-Site Scripting bypass in html-purify High
GHSA-5p28-63mc-cgr9 was published for html-purify (npm) Dec 4, 2020
Cross-site Scripting Vulnerability in GraphQL Playground (distributed by Apollo Server) High
GHSA-qm7x-rc44-rrqw was published for apollo-server (npm) Nov 8, 2021
Ry0taK
fuelux vulnerable to Cross-Site Scripting in Pillbox feature High
CVE-2016-1000235 was published for fuelux (npm) Sep 1, 2020
Cross Site Scripting vulnerability in django-jsonform's admin form. High
GHSA-x9jp-4w8m-4f3c was published for django-jsonform (pip) Jun 10, 2022
XSS Vulnerability in Markdown Editor High
GHSA-85q9-7467-r53q was published for inventree (pip) Jun 17, 2022
Gaurav-G2
Potential XSS injection In PrestaShop contactform High
CVE-2020-15178 was published for prestashop/contactform (Composer) Sep 15, 2020
Lithium vulnerable to Cross Site Scripting in provided Swagger-UI High
GHSA-f36p-42jv-8rh2 was published for com.wire.bots:lithium (Maven) Sep 30, 2022
comawill
Cross-site scripting from content entered in the tags and multiselect fields High
GHSA-rv3r-vqjj-8c76 was published for getkirby/cms (Composer) Aug 30, 2022
gatsby-transformer-remark has possible unsanitized JavaScript code injection High
CVE-2023-22491 was published for gatsby-transformer-remark (npm) Jan 11, 2023
Sanitize vulnerable to Improper Input Validation and Cross-site Scripting High
CVE-2018-3740 was published for sanitize (RubyGems) Mar 21, 2018
Gravitee API Management contains Path Traversal High
CVE-2022-38723 was published for io.gravitee.apim:gravitee-api-management (Maven) Jan 4, 2023
Cross-site Scripting in microweber High
CVE-2022-0930 was published for microweber/microweber (Composer) Mar 13, 2022
Stored Cross-site Scripting in grav High
CVE-2022-0970 was published for getgrav/grav (Composer) Mar 16, 2022