GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
174 advisories
Filter by severity
Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device...
Moderate
Unreviewed
CVE-2023-24497
was published
Jul 6, 2023
Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device...
Moderate
Unreviewed
CVE-2023-24496
was published
Jul 6, 2023
An improper neutralization of script-related HTML tags in a web page vulnerability [CWE-80] in...
Moderate
Unreviewed
CVE-2022-35850
was published
Apr 11, 2023
The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101,...
Moderate
Unreviewed
CVE-2023-29110
was published
Apr 11, 2023
The SAP Application Interface (Message Monitoring) - versions 600, 700, allows an authorized...
Moderate
Unreviewed
CVE-2023-29112
was published
Apr 11, 2023
A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). The...
Critical
Unreviewed
CVE-2019-13923
was published
May 24, 2022
Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross Site Scripting (XSS) - CWE-80. The...
Moderate
Unreviewed
CVE-2019-1010018
was published
May 24, 2022
A vulnerability has been identified in Spectrum Power 3 (Corporate User Interface) (All versions ...
Moderate
Unreviewed
CVE-2019-10933
was published
May 24, 2022
A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1...
Moderate
Unreviewed
CVE-2019-6577
was published
May 24, 2022
A vulnerability in the web-based management interface of Cisco Small Business RV016, RV042,...
Moderate
Unreviewed
CVE-2024-20362
was published
Apr 3, 2024
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS BlackICE PC Protection. It has...
Moderate
Unreviewed
CVE-2003-5003
was published
Mar 29, 2022
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been...
Moderate
Unreviewed
CVE-2008-10001
was published
Mar 29, 2022
phpMyFAQ Stored HTML Injection at contentLink
Moderate
CVE-2024-28108
was published
for
phpmyfaq/phpmyfaq
(Composer)
Mar 25, 2024
Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users...
Moderate
Unreviewed
CVE-2024-1606
was published
Mar 18, 2024
hexo-theme-anzhiyu Cross-site Scripting vulnerability
Moderate
CVE-2024-25865
was published
for
hexo-theme-anzhiyu
(npm)
Mar 3, 2024
XSS sidekiq-unique-jobs UI server vulnerability
High
CVE-2024-25122
was published
for
sidekiq-unique-jobs
(RubyGems)
Feb 13, 2024
Statmic CMS vulnerable to account takeover via XSS and password reset link
High
CVE-2024-24570
was published
for
statamic/cms
(Composer)
Feb 1, 2024
Jetty Javascript Inclusion Vulnerability
Moderate
CVE-2002-1533
was published
for
org.mortbay.jetty:jetty
(Maven)
Apr 30, 2022
Apache Tomcat XSS Vulnerability
Moderate
CVE-2006-7195
was published
for
org.apache.tomcat:tomcat
(Maven)
May 1, 2022
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that...
Moderate
Unreviewed
CVE-2023-25833
was published
Jul 6, 2023
An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16...
Moderate
Unreviewed
CVE-2023-5933
was published
Jan 26, 2024
Rancher API Server Cross-site Scripting Vulnerability
High
CVE-2023-32192
was published
for
github.com/rancher/apiserver
(Go)
Feb 8, 2024
Norman API Cross-site Scripting Vulnerability
High
CVE-2023-32193
was published
for
github.com/rancher/norman
(Go)
Feb 8, 2024
phpMyFAQ vulnerable to stored XSS on attachments filename
Moderate
CVE-2024-24574
was published
for
phpmyfaq/phpmyfaq
(Composer)
Feb 5, 2024
Sulu HTML Injection via Autocomplete Suggestion
Low
CVE-2024-24807
was published
for
sulu/sulu
(Composer)
Feb 5, 2024
ProTip!
Advisories are also available from the
GraphQL API