GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
27,837 advisories
XSS in login form (Moderate): CVE-2019-13235 was published for org.opencms:opencms-core (Maven) on Nov 12, 2019
XSS issues in the management interface (Moderate): CVE-2019-13236 was published for org.opencms:opencms-core (Maven) on Nov 12, 2019
Magento Cross-Site Scripting via Attribute Set Name (Moderate): CVE-2019-8145 was published for magento/community-edition (Composer) on Nov 12, 2019
Composer JavaScript injection possible via html comments (Moderate): CVE-2019-8233 was published for magento/community-edition (Composer) on Nov 12, 2019
Symfony Cross-site Scripting (XSS) vulnerability (Moderate): CVE-2019-10909 was published for drupal/core (Composer) on Nov 12, 2019
Stored Cross-Site Scripting vulnerability in admin component of DotNetNuke (Moderate): CVE-2019-12562 was published for DotNetNuke.Core (NuGet) on Nov 18, 2019
Apache Airflow vulnerable to XSS and local file disclosure (Moderate): CVE-2019-12417 was published for airflow (pip) on Nov 22, 2019
Pannellum Cross-Site Scripting due to data not being sanitized for URIs or vbscript (Moderate): CVE-2019-16763 was published for pannellum (npm) on Nov 22, 2019
Invalid HTTP method overrides allow possible XSS or other attacks in Symfony (Critical): CVE-2019-10913 was published for symfony/http-foundation (Composer) on Dec 2, 2019
Unescaped exception messages in error responses in Jetty (Moderate): CVE-2019-17632 was published for org.eclipse.jetty:jetty-server (Maven) on Dec 2, 2019
Cross-Site Scripting in iobroker.web (Moderate): CVE-2019-10771 was published for iobroker.web (npm) on Dec 2, 2019
Cross-Site Scripting in serialize-javascript (Moderate): CVE-2019-16769 was published for serialize-javascript (npm) on Dec 5, 2019
Cross-Site Scripting in serialize-to-js (Low): CVE-2019-16772 was published for serialize-to-js (npm) on Dec 6, 2019
The SafeHtml annotation in Hibernate-Validator does not properly guard against XSS attacks (Moderate): CVE-2019-10219 was published for org.hibernate.validator:hibernate-validator (Maven) on Jan 8, 2020
XSS in enshrined/svg-sanitize due to mishandled script and data values in attributes (High): CVE-2019-18857 was published for enshrined/svg-sanitize (Composer) on Jan 8, 2020
Stored XSS in Apache Atlas (Moderate): CVE-2019-10070 was published for org.apache.atlas:apache-atlas (Maven) on Jan 8, 2020
Persistent XSS vulnerability in filename of attached file in PrivateBin (Moderate): CVE-2020-5223 was published for privatebin/privatebin (Composer) on Jan 14, 2020
RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application (High): CVE-2020-5398 was published for org.springframework:spring-webflux (Maven) on Jan 21, 2020
Cross-site scripting in SimpleSAMLphp (Low): CVE-2020-5226 was published for simplesamlphp/simplesamlphp (Composer) on Jan 24, 2020
Default development error handler in Ratpack is vulnerable to HTML content injection (XSS) (Moderate): CVE-2019-10770 was published for io.ratpack:ratpack-core (Maven) on Jan 27, 2020
XSS in Dolibarr ERP & CRM (Moderate): CVE-2020-7996 was published for dolibarr/dolibarr (Composer) on Jan 28, 2020
Cross-Site Scripting in node-red (Moderate): CVE-2019-15607 was published for node-red (npm) on Jan 30, 2020
Cross-site scripting vulnerability in TinyMCE (High): CVE-2020-17480 was published for tinymce (npm) on Jan 30, 2020
auth0-lock vulnerable to XSS via unsanitized placeholder property (Moderate): CVE-2019-20174 was published for auth0-lock (npm) on Jan 31, 2020
ProTip! Advisories are also available from the GraphQL API.