Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

27,837 advisories

Loading
An issue was discovered in CrushFTP 9. The creation of a new user through the /WebInterface... Moderate Unreviewed
CVE-2021-44076 was published Sep 16, 2022
Qsmart Next v4.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability. Moderate Unreviewed
CVE-2022-29649 was published Sep 16, 2022
A stored cross-site scripting (XSS) vulnerability in the auth_settings component of FiberHome... Moderate Unreviewed
CVE-2022-38814 was published Sep 16, 2022
There is a reflected Cross-Site Scripting vulnerability in the HCL Traveler web admin ... Moderate Unreviewed
CVE-2022-27561 was published Sep 16, 2022
PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) during replying the ticket. The... Moderate Unreviewed
CVE-2022-37137 was published Sep 15, 2022
Loan Management System version 1.0 suffers from a persistent cross site scripting vulnerability. Moderate Unreviewed
CVE-2022-37139 was published Sep 15, 2022
An unauthenticated user can create a link with reflected Javascript code inside the backurl... Moderate Unreviewed
CVE-2022-40626 was published Sep 15, 2022
Garage Management System 1.0 is vulnerable to Stored Cross Site Scripting (XSS) on several... Moderate Unreviewed
CVE-2022-36668 was published Sep 15, 2022
Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to... Critical Unreviewed
CVE-2020-19586 was published Sep 15, 2022
Cross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Business... Moderate Unreviewed
CVE-2020-19587 was published Sep 15, 2022
ouqiang gocron Cross-site scripting vulnerability Moderate
CVE-2022-40365 was published for github.com/ouqiang/gocron (Go) Sep 15, 2022
Project Wonder WebObjects vulnerable to Arbitrary HTTP Header Injection and Cross-site Scripting Moderate
CVE-2022-37724 was published for wonder:wonder (Maven) Sep 15, 2022
insert HTML / js code inside input how to get to the vulnerable input : Workers > worker... Moderate Unreviewed
CVE-2022-36778 was published Sep 14, 2022
An attacker with no prior authentication could craft and send malicious script to SAP GUI for... Moderate Unreviewed
CVE-2022-39799 was published Sep 14, 2022
An attacker with basic business user privileges could craft and upload a malicious file to SAP... Moderate Unreviewed
CVE-2022-35294 was published Sep 14, 2022
SAP NetWeaver Enterprise Portal (KMC) - version 7.50, does not sufficiently encode user... Moderate Unreviewed
CVE-2022-35298 was published Sep 14, 2022
An XSS exists in automation controller UI where the project name is susceptible to XSS injection Moderate Unreviewed
CVE-2022-3205 was published Sep 14, 2022
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting.... Moderate Unreviewed
CVE-2022-34336 was published Sep 14, 2022
Cross site Scripting (XSS) in ThingsBoard IoT Platform through 3.3.4.1 via a crafted value being... Moderate Unreviewed
CVE-2022-31861 was published Sep 14, 2022
Moodle Cross-site Scripting vulnerability Moderate
CVE-2021-36568 was published for moodle/moodle (Composer) Sep 14, 2022
In Simple Online Book Store System 1.0 in /admin_book.php the Title, Author, and Description... Moderate Unreviewed
CVE-2022-37796 was published Sep 13, 2022
Cross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 (for... Moderate Unreviewed
CVE-2022-38972 was published Sep 13, 2022
Multiple persistent cross-site scripting (XSS) vulnerabilities in index.php in tramyardg Hotel... Moderate Unreviewed
CVE-2022-36254 was published Sep 13, 2022
Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager... Moderate Unreviewed
CVE-2022-38295 was published Sep 13, 2022
SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting ... Moderate Unreviewed
CVE-2022-38291 was published Sep 13, 2022
ProTip! Advisories are also available from the GraphQL API