GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
278 advisories
Filter by severity
MarkText through 0.16.3 does not sanitize the input of a mermaid block before rendering. This...
Critical
Unreviewed
CVE-2022-24123
was published
Jan 31, 2022
The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.26,...
Critical
Unreviewed
CVE-2021-24814
was published
Feb 8, 2022
BeyondTrust Secure Remote Access Base Software through 6.0.1 allows an attacker to achieve full...
Critical
Unreviewed
CVE-2021-31589
was published
Feb 8, 2022
Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a remote unauthenticated...
Critical
Unreviewed
CVE-2022-21241
was published
Feb 9, 2022
A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool...
Critical
Unreviewed
CVE-2021-42940
was published
Feb 12, 2022
Cosmetics and Beauty Product Online Store v1.0 was discovered to contain multiple reflected cross...
Critical
Unreviewed
CVE-2022-25395
was published
Mar 4, 2022
Mark Text v0.16.3 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability...
Critical
Unreviewed
CVE-2022-25069
was published
Mar 6, 2022
A vulnerability affecting F-Secure SAFE browser protection was discovered improper URL handling...
Critical
Unreviewed
CVE-2021-44749
was published
Mar 7, 2022
Cross-site Scripting in showdoc/showdoc
Critical
CVE-2022-0960
was published
for
showdoc/showdoc
(Composer)
Mar 15, 2022
Arbitrary code execution in post-loader
Critical
CVE-2022-0748
was published
for
post-loader
(npm)
Mar 18, 2022
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in...
Critical
Unreviewed
CVE-2022-25620
was published
Mar 31, 2022
Remote code injection in dompdf/dompdf
Critical
CVE-2022-28368
was published
for
dompdf/dompdf
(Composer)
Apr 4, 2022
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs...
Critical
Unreviewed
CVE-2021-32157
was published
Apr 12, 2022
Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows...
Critical
Unreviewed
CVE-2022-1346
was published
Apr 14, 2022
Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to...
Critical
Unreviewed
CVE-2022-1344
was published
Apr 14, 2022
A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes Functionality of...
Critical
Unreviewed
CVE-2021-42136
was published
Apr 14, 2022
Cross site scripting in facturascripts
Critical
CVE-2022-1457
was published
for
neorazorx/facturascripts
(Composer)
Apr 26, 2022
Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which can lead to remote code...
Critical
Unreviewed
CVE-2022-28464
was published
Apr 28, 2022
Cross site scripting in FacturaScripts
Critical
CVE-2022-1514
was published
for
facturascripts/facturascripts
(Composer)
Apr 29, 2022
Turtlapp Turtle Note v0.7.2.6 does not filter the <meta> tag during markdown parsing, allowing...
Critical
Unreviewed
CVE-2022-28101
was published
Apr 29, 2022
Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18...
Critical
Unreviewed
CVE-2022-1575
was published
May 6, 2022
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries...
Critical
Unreviewed
CVE-2018-9079
was published
May 13, 2022
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the...
Critical
Unreviewed
CVE-2017-8898
was published
May 13, 2022
IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while registering...
Critical
Unreviewed
CVE-2019-3709
was published
May 13, 2022
IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while uploading an...
Critical
Unreviewed
CVE-2019-3708
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API