Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

278 advisories

Loading
MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This... Critical Unreviewed
CVE-2022-24123 was published Jan 31, 2022
The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.26,... Critical Unreviewed
CVE-2021-24814 was published Feb 8, 2022
BeyondTrust Secure Remote Access Base Software through 6.0.1 allows an attacker to achieve full... Critical Unreviewed
CVE-2021-31589 was published Feb 8, 2022
Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a remote unauthenticated... Critical Unreviewed
CVE-2022-21241 was published Feb 9, 2022
A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool... Critical Unreviewed
CVE-2021-42940 was published Feb 12, 2022
Cosmetics and Beauty Product Online Store v1.0 was discovered to contain multiple reflected cross... Critical Unreviewed
CVE-2022-25395 was published Mar 4, 2022
Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability... Critical Unreviewed
CVE-2022-25069 was published Mar 6, 2022
A vulnerability affecting F-Secure SAFE browser protection was discovered improper URL handling... Critical Unreviewed
CVE-2021-44749 was published Mar 7, 2022
Cross-site Scripting in showdoc/showdoc Critical
CVE-2022-0960 was published for showdoc/showdoc (Composer) Mar 15, 2022
Arbitrary code execution in post-loader Critical
CVE-2022-0748 was published for post-loader (npm) Mar 18, 2022
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in... Critical Unreviewed
CVE-2022-25620 was published Mar 31, 2022
Remote code injection in dompdf/dompdf Critical
CVE-2022-28368 was published for dompdf/dompdf (Composer) Apr 4, 2022
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs... Critical Unreviewed
CVE-2021-32157 was published Apr 12, 2022
Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows... Critical Unreviewed
CVE-2022-1346 was published Apr 14, 2022
Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to... Critical Unreviewed
CVE-2022-1344 was published Apr 14, 2022
A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes Functionality of... Critical Unreviewed
CVE-2021-42136 was published Apr 14, 2022
Cross site scripting in facturascripts Critical
CVE-2022-1457 was published for neorazorx/facturascripts (Composer) Apr 26, 2022
Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which can lead to remote code... Critical Unreviewed
CVE-2022-28464 was published Apr 28, 2022
Cross site scripting in FacturaScripts Critical
CVE-2022-1514 was published for facturascripts/facturascripts (Composer) Apr 29, 2022
Turtlapp Turtle Note v0.7.2.6 does not filter the <meta> tag during markdown parsing, allowing... Critical Unreviewed
CVE-2022-28101 was published Apr 29, 2022
Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18... Critical Unreviewed
CVE-2022-1575 was published May 6, 2022
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries... Critical Unreviewed
CVE-2018-9079 was published May 13, 2022
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the... Critical Unreviewed
CVE-2017-8898 was published May 13, 2022
IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while registering... Critical Unreviewed
CVE-2019-3709 was published May 13, 2022
IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while uploading an... Critical Unreviewed
CVE-2019-3708 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API