GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,908 advisories
Cross-site Scripting in TastyIgniter
High | CVE-2022-0602 was published for tastyigniter/tastyigniter (Composer) | Apr 6, 2022
Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin...
High | Unreviewed | CVE-2022-1347 was published | Apr 14, 2022
A remote attacker with write access to PI ProcessBook files could inject code that is imported...
High | Unreviewed | CVE-2020-25163 was published | Apr 19, 2022
Persistent Cross-site Scripting vulnerability in PrivateBin
High | CVE-2022-24833 was published for privatebin/privatebin (Composer) | Apr 12, 2022
Stored Cross-site Scripting vulnerability in Jenkins Promoted Builds Plugin
High | CVE-2022-29045 was published for org.jenkins-ci.plugins:promoted-builds (Maven) | Apr 13, 2022
Cross-site Scripting in Filter Stream Converter Application in XWiki Platform
High | CVE-2022-29258 was published for org.xwiki.platform:xwiki-platform-filter-ui (Maven) | Jun 1, 2022
XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form
High | CVE-2022-36097 was published for org.xwiki.platform:xwiki-platform-attachment-ui (Maven) | Sep 16, 2022
XWiki Platform Web Parent POM vulnerable to XSS in the attachment history
High | CVE-2022-36094 was published for org.xwiki.platform:xwiki-platform-web (Maven) | Sep 16, 2022
Cross-site Scripting in wiki manager join wiki page
High | CVE-2022-29252 was published for org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki (Maven) | May 25, 2022
XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list
High | CVE-2022-36096 was published for org.xwiki.platform:xwiki-platform-index-ui (Maven) | Sep 16, 2022
The Brizy Page Builder plugin <= 2.3.11 for WordPress allowed authenticated users to upload...
High | Unreviewed | CVE-2021-38346 was published | May 24, 2022
The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that...
High | Unreviewed | CVE-2021-38345 was published | May 24, 2022
Cross-site Scripting in the Flamingo theme manager
High | CVE-2022-29251 was published for org.xwiki.platform:xwiki-platform-flamingo-theme-ui (Maven) | May 25, 2022
Multiple W&T Products of the ComServer Series are prone to an XSS attack. An authenticated remote...
High | Unreviewed | CVE-2022-42786 was published | Nov 10, 2022
The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2...
High | Unreviewed | CVE-2021-24728 was published | May 24, 2022
Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary...
High | Unreviewed | CVE-2019-9164 was published | May 13, 2022
A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and...
High | Unreviewed | CVE-2017-2683 was published | May 17, 2022
Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS
High | Unreviewed | CVE-2016-1000116 was published | May 17, 2022
The Unyson WordPress plugin before 2.7.27 does not sanitise and escape a parameter before...
High | Unreviewed | CVE-2022-2219 was published | Jul 26, 2022
An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0....
High | Unreviewed | CVE-2016-8356 was published | May 17, 2022
JSPUI Possible Cross Site Scripting in "Request a Copy" Feature
High | CVE-2022-31192 was published for org.dspace:dspace-jspui (Maven) | Aug 6, 2022
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote authenticated...
High | Unreviewed | CVE-2016-6641 was published | May 17, 2022
Possible cross-site scripting attack via unsanitized SVG files in FoF Upload
High | CVE-2022-30999 was published for fof/upload (Composer) | May 25, 2022
ProTip! Advisories are also available from the GraphQL API