GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
27,836 advisories
rails_admin ruby gem XSS
Moderate | CVE-2017-12098 was published for rails_admin (RubyGems) Mar 5, 2018

Doorkeeper is vulnerable to stored XSS and code execution
Moderate | CVE-2018-1000088 was published for doorkeeper (RubyGems) Mar 13, 2018

Sanitize vulnerable to Improper Input Validation and Cross-site Scripting
High | CVE-2018-3740 was published for sanitize (RubyGems) Mar 21, 2018

Cross-site Scripting in loofah
Moderate | CVE-2018-8048 was published for loofah (RubyGems) Mar 21, 2018

Cross-Site Scripting in @risingstack/protect
Moderate | CVE-2018-1000160 was published for @risingstack/protect (npm) Apr 25, 2018

rails-html-sanitizer Cross-site Scripting vulnerability
Moderate | CVE-2018-3741 was published for rails-html-sanitizer (RubyGems) Apr 26, 2018

Cross-Site Scripting in @ckeditor/ckeditor5-link
Moderate | CVE-2018-11093 was published for @ckeditor/ckeditor5-link (npm) May 23, 2018

Sinatra Cross-site Scripting vulnerability
Moderate | CVE-2018-11627 was published for sinatra (RubyGems) Jun 5, 2018

markdown2 is vulnerable to cross-site scripting
Moderate | CVE-2018-5773 was published for markdown2 (pip) Jul 12, 2018

django-epiceditor vulnerable to XSS in form field
Moderate | CVE-2017-6591 was published for django-epiceditor (pip) Jul 13, 2018

Cross-site Scripting (XSS) - Stored in crud-file-server
Moderate | CVE-2018-3726 was published for crud-file-server (npm) Jul 18, 2018

Cross-site scripting in Products.CMFPlone and Products.PasswordResetTool
Moderate | CVE-2011-1948 was published for Products.CMFPlone (pip) Jul 23, 2018

Moderate severity vulnerability that affects Zope2
Moderate | CVE-2010-1104 was published for Zope2 (pip) Jul 23, 2018

feedparser Cross-site Scripting vulnerability
Moderate | CVE-2011-1158 was published for feedparser (pip) Jul 23, 2018

feedparser Cross-site Scripting vulnerability
Moderate | CVE-2011-1157 was published for feedparser (pip) Jul 23, 2018

Low severity vulnerability that affects Plone
Low | CVE-2011-1949 was published for Plone (pip) Jul 23, 2018

Cross-Site Scripting in i18next
Moderate | CVE-2017-16010 was published for i18next (npm) Jul 24, 2018

Stored Cross-Site Scripting in simplehttpserver
Moderate | CVE-2018-3716 was published for simplehttpserver (npm) Jul 26, 2018

bracket-template vulnerable to reflected XSS
Moderate | CVE-2018-3735 was published for bracket-template (npm) Jul 27, 2018

Macro in MathJax running untrusted Javascript within a web browser
Moderate | CVE-2018-1999024 was published for mathjax (npm) Jul 27, 2018

radiant vulnerable to Cross-site Scripting
Moderate | CVE-2018-7261 was published for radiant (RubyGems) Jul 27, 2018

metascraper before v5.2.0 vulnerable to stored cross-site scripting
Moderate | CVE-2018-3773 was published for metascraper (npm) Aug 8, 2018

ProTip! Advisories are also available from the GraphQL API