Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

27,836 advisories

Loading
Cross-Site Scripting in iobroker.web Moderate
CVE-2019-10771 was published for iobroker.web (npm) Dec 2, 2019
Cross-site scripting in SimpleSAMLphp Low
CVE-2020-5226 was published for simplesamlphp/simplesamlphp (Composer) Jan 24, 2020
Cross-Site Scripting in selectize-plugin-a11y Moderate
CVE-2019-15482 was published for selectize-plugin-a11y (npm) Aug 27, 2019
Cross-Site Scripting in vant High
GHSA-9xr8-8hmc-389f was published for vant (npm) Nov 22, 2019
Stored Cross-Site Scripting vulnerability in admin component of DotNetNuke Moderate
CVE-2019-12562 was published for DotNetNuke.Core (NuGet) Nov 18, 2019
Stored XSS in Apache Atlas Moderate
CVE-2019-10070 was published for org.apache.atlas:apache-atlas (Maven) Jan 8, 2020
XSS issues in the management interface Moderate
CVE-2019-13236 was published for org.opencms:opencms-core (Maven) Nov 12, 2019
XSS in enshrined/svg-sanitize due to mishandled script and data values in attributes High
CVE-2019-18857 was published for enshrined/svg-sanitize (Composer) Jan 8, 2020
ohader
XSS in search engine Moderate
CVE-2019-13234 was published for org.opencms:opencms-core (Maven) Nov 12, 2019
Invalid HTTP method overrides allow possible XSS or other attacks in Symfony Critical
CVE-2019-10913 was published for symfony/http-foundation (Composer) Dec 2, 2019
Persistent XSS vulnerability in filename of attached file in PrivateBin Moderate
CVE-2020-5223 was published for privatebin/privatebin (Composer) Jan 14, 2020
XSS in dojox due to insufficient escape in dojox.xmpp.util.xmlEncode Moderate
CVE-2019-10785 was published for dojox (npm) Feb 13, 2020
JLLeitschuh
Cross-Site Scripting in seeftl High
CVE-2019-15603 was published for seeftl (npm) Apr 1, 2020
Persistent Cross-Site scripting in Nexus Repository Manager Moderate
CVE-2020-10203 was published for org.sonatype.nexus:nexus-core (Maven) Apr 14, 2020
Cross-Site Scripting in BookStack Moderate
CVE-2020-11055 was published for ssddanbrown/bookstack (Composer) May 7, 2020
XSS in TinyMCE Moderate
CVE-2019-1010091 was published for tinymce (npm) May 11, 2020
XSS in Dolibarr Moderate
CVE-2020-13094 was published for dolibarr/dolibarr (Composer) May 21, 2020
Cross-site scripting in PHPMailer Moderate
CVE-2017-11503 was published for phpmailer/phpmailer (Composer) Mar 5, 2020
Reflected XSS in GraphQL Playground High
CVE-2020-4038 was published for graphql-playground-html (npm) Jun 9, 2020
Cross-Site Scripting in fileview High
CVE-2019-15602 was published for fileview (npm) Apr 1, 2020
Cross-Site Scripting in sanitize-html Moderate
CVE-2016-1000237 was published for sanitize-html (npm) Apr 16, 2020
Cross-Site Scripting (XSS) in Verdaccio Moderate
CVE-2019-14772 was published for verdaccio (npm) May 29, 2019
evilpacket
Sanitizer bypass in svg-sanitizer Moderate
CVE-2019-10772 was published for enshrined/svg-sanitize (Composer) Feb 27, 2020
Cross-Site Scripting in SVG Sanitizer Moderate
CVE-2020-11070 was published for t3g/svg-sanitizer (Composer) May 13, 2020
NeoBlack
Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) Moderate
CVE-2016-7119 was published for DotNetNuke.Core (NuGet) Oct 16, 2018
ProTip! Advisories are also available from the GraphQL API