GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
42 advisories
Cross Site Scripting vulnerability in wsgidav when directory browsing is enabled
High | CVE-2022-41905 was published for wsgidav (pip) | Nov 16, 2022

XSS Vulnerability in Markdown Editor
High | GHSA-85q9-7467-r53q was published for inventree (pip) | Jun 17, 2022

Cross Site Scripting vulnerability in django-jsonform's admin form.
High | GHSA-x9jp-4w8m-4f3c was published for django-jsonform (pip) | Jun 10, 2022

calibre-web is vulnerable to Cross-site Scripting
High | CVE-2021-4170 was published for calibreweb (pip) | Jan 21, 2022

OTF-001: Improper Input Sanitation: The path parameter of the requested URL is not sanitized before being passed to the QT frontend
High | CVE-2022-21690 was published for onionshare-cli (pip) | Jan 21, 2022

lxml's HTML Cleaner allows crafted and SVG embedded scripts to pass through
High | CVE-2021-43818 was published for lxml (pip) | Dec 13, 2021

django-helpdesk is vulnerable to Cross-site Scripting
High | CVE-2021-3994 was published for django-helpdesk (pip) | Dec 3, 2021

Cross-site Scripting in django-helpdesk
High | CVE-2021-3950 was published for django-helpdesk (pip) | Nov 23, 2021

Cross-site Scripting in django-helpdesk
High | CVE-2021-3945 was published for django-helpdesk (pip) | Nov 15, 2021

JupyterLab: XSS due to lack of sanitization of the action attribute of an html <form>
High | CVE-2021-32797 was published for jupyterlab (pip) | Aug 23, 2021

Duplicate Advisory: Reflected cross-site scripting issue in Datasette
High | GHSA-gff3-739c-gxfq was published for datasette (pip) | Jun 10, 2021 | withdrawn

Reflected cross-site scripting issue in Datasette
High | CVE-2021-32670 was published for datasette (pip) | Jun 7, 2021

Remote Code Execution (RCE) Exploit on Cross Site Scripting (XSS) Vulnerability
High | CVE-2020-26249 was published for red-dashboard (pip) | Dec 8, 2020

malicious SVG attachment causing stored XSS vulnerability
High | CVE-2020-15275 was published for moin (pip) | Nov 11, 2020
ProTip! Advisories are also available from the GraphQL API.