Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

168 advisories

Loading
Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/LoginServlet.java... Critical Unreviewed
CVE-2023-30319 was published Jul 6, 2023
Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/chatWindow.java... Critical Unreviewed
CVE-2023-30320 was published Jul 6, 2023
Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker... Critical Unreviewed
CVE-2023-34192 was published Jul 6, 2023
Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/LoginServlet... Critical Unreviewed
CVE-2023-30321 was published Jul 6, 2023
An issue was discovered in Comcast Defined Technologies microeisbss through 2021. An attacker can... Critical Unreviewed
CVE-2022-45938 was published Jun 2, 2023
An issue was discovered in Faronics Insight 10.0.19045 on Windows. It is possible for an attacker... Critical Unreviewed
CVE-2023-28347 was published May 31, 2023
XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to... Critical Unreviewed
CVE-2023-21516 was published May 27, 2023
Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management... Critical Unreviewed
CVE-2023-31703 was published May 17, 2023
An improper neutralization of input during web page generation ('Cross-site Scripting')... Critical Unreviewed
CVE-2023-22637 was published May 4, 2023
Cross Site Scripting vulnerability found in Netgate pfSense 2.4.4 and ACME package v.0.6.3 allows... Critical Unreviewed
CVE-2020-21487 was published Apr 4, 2023
The web configuration service of the affected device contains an authenticated command injection... Critical Unreviewed
CVE-2023-0432 was published Mar 31, 2023
Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing... Critical Unreviewed
CVE-2022-42948 was published Mar 24, 2023
Cross Site Scripting vulnerability found in Markdown Edit allows a remote attacker to execute... Critical Unreviewed
CVE-2020-19947 was published Mar 16, 2023
Cross Site Scripting Vulnerability in Wyomind Help Desk Magento 2 extension v.1.3.6 and before... Critical Unreviewed
CVE-2021-33351 was published Mar 9, 2023
Cross Site Scripting Vulnerability in MiniCMS v.1.10 allows attacker to execute arbitrary code... Critical Unreviewed
CVE-2021-33387 was published Feb 24, 2023
Countly, a product analytics solution, is vulnerable to cross-site scripting prior to version 21... Critical Unreviewed
CVE-2021-32852 was published Feb 21, 2023
**UNSUPPORTED WHEN ASSIGNED** Cross Site Scripting (XSS) in HP Deskjet 2540 series printer... Critical Unreviewed
CVE-2022-48311 was published Feb 6, 2023
** UNSUPPORTED WHEN ASSIGNED ** Cross Site Scripting (XSS) vulnerability in Teradek Slice 1st... Critical Unreviewed
CVE-2021-37373 was published Feb 3, 2023
Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB devices with firmware through RTS/RTD 3... Critical Unreviewed
CVE-2023-24508 was published Jan 26, 2023
Caret is vulnerable to an XSS attack when the user opens a crafted Markdown file when preview... Critical Unreviewed
CVE-2022-42967 was published Jan 11, 2023
Multiple XSS issues were discovered in Sage Enterprise Intelligence 2021 R1.1 that allow an... Critical Unreviewed
CVE-2022-34322 was published Jan 1, 2023
Cross Site Scripting (XSS) vulnerability in Things Board 3.4.1 allows remote attackers to... Critical Unreviewed
CVE-2022-40004 was published Dec 16, 2022
A reflected cross-site scripting (XSS) vulnerability in Proxmox Virtual Environment prior to v7.2... Critical Unreviewed
CVE-2022-31358 was published Dec 14, 2022
A vulnerability has been found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected... Critical Unreviewed
CVE-2022-4353 was published Dec 8, 2022
A vulnerability was found in LinZhaoguan pb-cms 2.0 and classified as problematic. Affected by... Critical Unreviewed
CVE-2022-4354 was published Dec 8, 2022
ProTip! Advisories are also available from the GraphQL API