GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
406 advisories
Cross-site Scripting (XSS) in @scullyio/scully
High: CVE-2020-28470 was published for @scullyio/scully (npm) on Apr 13, 2021

Cross-site scripting in eZ Platform Kernel
High: GHSA-mrvj-7q4f-5p42 was published for ezsystems/ezplatform-kernel (Composer) on Mar 19, 2021

Reflected Cross-site Scripting in ACS Commons
High: CVE-2021-21028 was published for com.adobe.acs:acs-aem-commons (Maven) on Feb 2, 2021

Remote Code Execution (RCE) Exploit on Cross Site Scripting (XSS) Vulnerability
High: CVE-2020-26249 was published for red-dashboard (pip) on Dec 8, 2020

Cross-Site Scripting bypass in html-purify
High: GHSA-5p28-63mc-cgr9 was published for html-purify (npm) on Dec 4, 2020

Cross-Site Scripting through Fluid view helper arguments
High: CVE-2020-26216 was published for typo3fluid/fluid (Composer) on Nov 18, 2020

malicious SVG attachment causing stored XSS vulnerability
High: CVE-2020-15275 was published for moin (pip) on Nov 11, 2020

Cross-Site Scripting in scratch-svg-renderer
High: CVE-2020-7750 was published for scratch-svg-renderer (npm) on Nov 9, 2020

Inline attribute values were not processed.
High: CVE-2020-15263 was published for orchid/platform (Composer) on Oct 19, 2020

Potential XSS injection In PrestaShop contactform
High: CVE-2020-15178 was published for prestashop/contactform (Composer) on Sep 15, 2020

Cross-Site Scripting in node-red
High: GHSA-5g6j-8hv4-vfgj was published for node-red (npm) on Sep 11, 2020

Cross-Site Scripting in markdown-it-katex
High: GHSA-5ff8-jcf9-fw62 was published for markdown-it-katex (npm) on Sep 4, 2020

Cross-Site Scripting in atlasboard-atlassian-package
High: GHSA-25v4-mcx4-hh35 was published for atlasboard-atlassian-package (npm) on Sep 4, 2020

Cross-Site Scripting in nextcloud-vue-collections
High: GHSA-whv6-rj84-2vh2 was published for nextcloud-vue-collections (npm) on Sep 4, 2020

Cross-Site Scripting in markdown-to-jsx
High: GHSA-ccrp-c664-8p4j was published for markdown-to-jsx (npm) on Sep 3, 2020

Cross-Site Scripting in hexo-admin
High: GHSA-phph-xpj4-wvcv was published for hexo-admin (npm) on Sep 3, 2020

Cross-Site Scripting in snekserve
High: GHSA-hv4w-jhcj-6wfw was published for snekserve (npm) on Sep 3, 2020

Cross-Site Scripting in console-feed
High: GHSA-g9wg-wq4f-2x5w was published for console-feed (npm) on Sep 3, 2020

Cross-Site Scripting in dmn-js-properties-panel
High: GHSA-h9wr-xr4r-66fh was published for dmn-js-properties-panel (npm) on Sep 3, 2020

Cross-Site Scripting in cmmn-js-properties-panel
High: GHSA-vmh4-322v-cfpc was published for cmmn-js-properties-panel (npm) on Sep 3, 2020

Cross-Site Scripting in bpmn-js-properties-panel
High: GHSA-vpj4-89q8-rh38 was published for bpmn-js-properties-panel (npm) on Sep 3, 2020

Cross-Site Scripting in takeapeek
High: GHSA-4q2f-8g74-qm56 was published for takeapeek (npm) on Sep 3, 2020

ProTip! Advisories are also available from the GraphQL API