GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
196 advisories

Stored Cross-Site Scripting (XSS) in Keycloak via groups dropdown
Moderate. GHSA-755v-r4x4-qf7m was published for org.keycloak:keycloak-core (Maven) Nov 29, 2022

Cross Site Scripting vulnerability in django-jsonform's admin form.
High. GHSA-x9jp-4w8m-4f3c was published for django-jsonform (pip) Jun 10, 2022

Improper sanitize of SVG files during content upload ('Cross-site Scripting') in sylius/sylius
Moderate. CVE-2022-24749 was published for Sylius/Sylius (Composer) Mar 14, 2022

An unprivileged user could use the functionality of the NS WooCommerce Watermark WordPress plugin...
High, Unreviewed. CVE-2022-0989 was published Apr 12, 2022

XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form
High. CVE-2022-36097 was published for org.xwiki.platform:xwiki-platform-attachment-ui (Maven) Sep 16, 2022

XWiki Platform Web Parent POM vulnerable to XSS in the attachment history
High. CVE-2022-36094 was published for org.xwiki.platform:xwiki-platform-web (Maven) Sep 16, 2022

A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated...
Moderate, Unreviewed. CVE-2021-1351 was published May 24, 2022

XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list
High. CVE-2022-36096 was published for org.xwiki.platform:xwiki-platform-index-ui (Maven) Sep 16, 2022

Cross-site Scripting in the Flamingo theme manager
High. CVE-2022-29251 was published for org.xwiki.platform:xwiki-platform-flamingo-theme-ui (Maven) May 25, 2022

The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient...
Moderate, Unreviewed. CVE-2021-39348 was published May 24, 2022

Cross-site Scripting vulnerability in repository issue list in Gogs
Moderate. CVE-2022-31038 was published for gogs.io/gogs (Go) Jun 8, 2022

Twisted vulnerable to NameVirtualHost Host header injection
Moderate. CVE-2022-39348 was published for twisted (pip) Oct 26, 2022

A vulnerability was found in Itech Movie Portal Script 7.36. It has been rated as problematic....
Moderate, Unreviewed. CVE-2017-20140 was published Jul 23, 2022

A stored cross-site scripting vulnerability exists in the HdConfigActions.aspx altertextlanguages...
Moderate, Unreviewed. CVE-2022-28703 was published Dec 15, 2022

HTML Injection in ActiveMQ Artemis Web Console
Moderate. CVE-2022-35278 was published for org.apache.activemq:artemis-server (Maven) Aug 24, 2022

A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow...
Moderate, Unreviewed. CVE-2019-19285 was published May 24, 2022

A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated,...
Moderate, Unreviewed. CVE-2021-1420 was published May 24, 2022

This issue affects: QNAP Systems Inc. Q'center versions prior to 1.11.1004.
Moderate, Unreviewed. CVE-2021-28803 was published May 24, 2022

A stored XSS vulnerability has been reported to affect QNAP NAS running QuLog Center. If...
Moderate, Unreviewed. CVE-2020-36196 was published May 24, 2022

jquery.terminal self XSS on user input
Low. CVE-2021-43862 was published for jquery.terminal (npm) Jan 6, 2022

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WolfCMS up to 0.8.3.1. It has been...
Moderate, Unreviewed. CVE-2019-25070 was published Jun 10, 2022

Stored cross-site scripting in Grid component in Vaadin 7 and 8
Moderate. CVE-2019-25028 was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in @nextcloud/dialogs
Moderate. CVE-2021-29438 was published for @nextcloud/dialogs (npm) Apr 16, 2021

Cross-site scripting (XSS) from image block content in the site frontend
Moderate. CVE-2021-41258 was published for getkirby/cms (Composer) Nov 16, 2021

ProTip! Advisories are also available from the GraphQL API