Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,344
Erlang
31
GitHub Actions
22
Go
2,112
Maven
5,000+
npm
3,767
NuGet
680
pip
3,453
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

28,082 advisories

Loading
ember-source vulnerable to Cross-site Scripting Moderate
CVE-2015-1866 was published for ember-source (RubyGems) Aug 28, 2018
Pandao editor.md vulnerable to XSS in IMG attributes Moderate
CVE-2018-16330 was published for editor.md (npm) Sep 6, 2018
mayan-edms Cross-site Scripting vulnerability Moderate
CVE-2018-16405 was published for mayan-edms (pip) Sep 6, 2018
Moderate severity vulnerability that affects mayan-edms Moderate
CVE-2018-16406 was published for mayan-edms (pip) Sep 6, 2018
Moderate severity vulnerability that affects mayan-edms Moderate
CVE-2018-16407 was published for mayan-edms (pip) Sep 6, 2018
Cross-Site Scripting in exceljs Moderate
CVE-2018-16459 was published for exceljs (npm) Sep 11, 2018
Qutebrowser XSS Vulnerability Moderate
CVE-2018-1000559 was published for qutebrowser (pip) Sep 13, 2018
Bootstrap Cross-site Scripting vulnerability Moderate
CVE-2018-14041 was published for bootstrap (RubyGems) Sep 13, 2018
jenhae
Bootstrap Cross-site Scripting vulnerability Moderate
CVE-2018-14042 was published for bootstrap (RubyGems) Sep 13, 2018
tdunlap607 1Jesper1
Cross-Site Scripting in glance Moderate
CVE-2018-3748 was published for glance (npm) Sep 27, 2018
Cross-Site Scripting in sexstatic Moderate
CVE-2018-3755 was published for sexstatic (npm) Oct 1, 2018
Cross-Site Scripting in public Moderate
CVE-2018-3747 was published for public (npm) Oct 10, 2018
Next.js has cross site scripting (XSS) vulnerability via the 404 or 500 /_error page Moderate
CVE-2018-18282 was published for next (npm) Oct 15, 2018
Moderate severity vulnerability that affects DotNetNuke.Core Moderate
CVE-2015-1566 was published for DotNetNuke.Core (NuGet) Oct 16, 2018
Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) Moderate
CVE-2016-7119 was published for DotNetNuke.Core (NuGet) Oct 16, 2018
Moderate severity vulnerability that affects apache axis Moderate
CVE-2018-8032 was published for axis:axis (Maven) Oct 16, 2018
Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML Moderate
CVE-2016-5395 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
Apache Ranger admin users can store some arbitrary javascript code to be executed when normal users login and access policies Moderate
CVE-2016-8751 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
Moderate severity vulnerability that affects org.owasp.antisamy:antisamy Moderate
CVE-2016-10006 was published for org.owasp.antisamy:antisamy (Maven) Oct 18, 2018
OWASP AntiSamy Cross-site Scripting vulnerability Moderate
CVE-2017-14735 was published for org.owasp.antisamy:antisamy (Maven) Oct 18, 2018
Stored Cross Site Scripting in Grails Fields Plugin Moderate
CVE-2018-1000529 was published for org.grails.plugins:fields (Maven) Oct 19, 2018
martinfrancois
Cross-Site Scripting in handlebars Moderate
CVE-2015-8861 was published for handlebars (npm) Oct 23, 2018
No Charset in Content-Type Header in express Moderate
CVE-2014-6393 was published for express (npm) Oct 23, 2018
Apache ActiveMQ web console vulnerable to Cross-site Scripting Moderate
CVE-2018-8006 was published for org.apache.activemq:activemq-web-console (Maven) Oct 30, 2018
sunSUNQ
Loofah Cross-site Scripting vulnerability Moderate
CVE-2018-16468 was published for loofah (RubyGems) Nov 1, 2018
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database