GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
278 advisories
In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names...
Critical | Unreviewed | CVE-2021-43523 was published May 24, 2022

The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress...
Critical | Unreviewed | CVE-2021-43047 was published May 24, 2022

The Jetpack Scan team identified a Reflected Cross-Site Scripting via the...
Critical | Unreviewed | CVE-2021-24229 was published May 24, 2022

Mautic stored Cross-site Scripting (XSS)
Critical | CVE-2020-35129 was published for mautic/core (Composer) May 24, 2022

AEM's Cloud Service offering, as well as versions 6.5.6.0 (and below), 6.4.8.2 (and below) and 6...
Critical | Unreviewed | CVE-2020-24445 was published May 24, 2022

Cross-site Scripting vulnerability in Mautic's tracking pixel functionality
Critical | CVE-2022-25772 was published for mautic/core (Composer) May 25, 2022

In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability....
Critical | Unreviewed | CVE-2022-32271 was published Jun 4, 2022

Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client...
Critical | Unreviewed | CVE-2022-29095 was published Jun 11, 2022

Argo CD's external URLs for Deployments can include JavaScript
Critical | CVE-2022-31035 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022

Stored XSS and SQL injection vulnerability in MaxBoard could lead to occur Remote Code Execution,...
Critical | Unreviewed | CVE-2021-26636 was published Jun 24, 2022

Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an...
Critical | Unreviewed | CVE-2022-2140 was published Jun 28, 2022

ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin...
Critical | Unreviewed | CVE-2021-43702 was published Jul 6, 2022

Insufficient user input in Apache Jetspeed-2
Critical | CVE-2022-32533 was published for org.apache.portals.jetspeed-2:jetspeed-commons (Maven) Jul 7, 2022

Java Melody vulnerable to cross-site scripting
Critical | CVE-2016-1000273 was published for net.bull.javamelody:javamelody-core (Maven) Jul 20, 2022

Joplin is vulnerable to arbitrary code execution
Critical | CVE-2022-35131 was published for joplin (npm) Jul 26, 2022

A cross-site scripting (xss) vulnerability exists in the videoAddNew functionality of WWBN AVideo...
Critical | Unreviewed | CVE-2022-28712 was published Aug 23, 2022

A reflected cross-site scripting (xss) vulnerability exists in the charts tab selection...
Critical | Unreviewed | CVE-2022-26842 was published Aug 23, 2022

Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to...
Critical | Unreviewed | CVE-2020-19586 was published Sep 15, 2022

XWiki Platform Mentions UI vulnerable to Cross-site Scripting
Critical | CVE-2022-36098 was published for org.xwiki.platform:xwiki-platform-mentions-ui (Maven) Sep 16, 2022

Valine code injection vulnerability
Critical | CVE-2022-38545 was published for valine (npm) Sep 20, 2022

The Web Server component of TIBCO Software Inc.'s TIBCO EBX contains an easily exploitable...
Critical | Unreviewed | CVE-2022-30577 was published Sep 22, 2022

The Web Server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily...
Critical | Unreviewed | CVE-2022-30578 was published Sep 22, 2022

Gogs vulnerable to Cross-site Scripting
Critical | CVE-2022-32174 was published for gogs.io/gogs (Go) Oct 11, 2022

In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to...
Critical | Unreviewed | CVE-2022-42711 was published Oct 12, 2022

Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored...
Critical | Unreviewed | CVE-2022-35698 was published Oct 15, 2022
ProTip! Advisories are also available from the GraphQL API