GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
  All reviewed: 5,000+
  Composer: 4,077
  Erlang: 29
  GitHub Actions: 19
  Go: 1,903
  Maven: 5,000+
  npm: 3,632
  NuGet: 638
  pip: 3,249
  Pub: 10
  RubyGems: 864
  Rust: 818
  Swift: 35
Unreviewed advisories
  All unreviewed: 5,000+
27,837 advisories
An issue was discovered in CrushFTP 9. The creation of a new user through the /WebInterface...
Moderate, Unreviewed. CVE-2021-44076 was published Sep 16, 2022

Qsmart Next v4.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability.
Moderate, Unreviewed. CVE-2022-29649 was published Sep 16, 2022

A stored cross-site scripting (XSS) vulnerability in the auth_settings component of FiberHome...
Moderate, Unreviewed. CVE-2022-38814 was published Sep 16, 2022

There is a reflected Cross-Site Scripting vulnerability in the HCL Traveler web admin ...
Moderate, Unreviewed. CVE-2022-27561 was published Sep 16, 2022

PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) during replying the ticket. The...
Moderate, Unreviewed. CVE-2022-37137 was published Sep 15, 2022

Loan Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
Moderate, Unreviewed. CVE-2022-37139 was published Sep 15, 2022

An unauthenticated user can create a link with reflected Javascript code inside the backurl...
Moderate, Unreviewed. CVE-2022-40626 was published Sep 15, 2022

Garage Management System 1.0 is vulnerable to Stored Cross Site Scripting (XSS) on several...
Moderate, Unreviewed. CVE-2022-36668 was published Sep 15, 2022

Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to...
Critical, Unreviewed. CVE-2020-19586 was published Sep 15, 2022

Cross Site Scripting (XSS) vulnerability in configMap parameters in Yellowfin Business...
Moderate, Unreviewed. CVE-2020-19587 was published Sep 15, 2022

ouqiang gocron Cross-site scripting vulnerability
Moderate. CVE-2022-40365 was published for github.com/ouqiang/gocron (Go) Sep 15, 2022

Project Wonder WebObjects vulnerable to Arbitrary HTTP Header Injection and Cross-site Scripting
Moderate. CVE-2022-37724 was published for wonder:wonder (Maven) Sep 15, 2022

insert HTML / js code inside input how to get to the vulnerable input : Workers > worker...
Moderate, Unreviewed. CVE-2022-36778 was published Sep 14, 2022

An attacker with no prior authentication could craft and send malicious script to SAP GUI for...
Moderate, Unreviewed. CVE-2022-39799 was published Sep 14, 2022

An attacker with basic business user privileges could craft and upload a malicious file to SAP...
Moderate, Unreviewed. CVE-2022-35294 was published Sep 14, 2022

SAP NetWeaver Enterprise Portal (KMC) - version 7.50, does not sufficiently encode user...
Moderate, Unreviewed. CVE-2022-35298 was published Sep 14, 2022

An XSS exists in automation controller UI where the project name is susceptible to XSS injection
Moderate, Unreviewed. CVE-2022-3205 was published Sep 14, 2022

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting....
Moderate, Unreviewed. CVE-2022-34336 was published Sep 14, 2022

Cross site Scripting (XSS) in ThingsBoard IoT Platform through 3.3.4.1 via a crafted value being...
Moderate, Unreviewed. CVE-2022-31861 was published Sep 14, 2022

Moodle Cross-site Scripting vulnerability
Moderate. CVE-2021-36568 was published for moodle/moodle (Composer) Sep 14, 2022

In Simple Online Book Store System 1.0 in /admin_book.php the Title, Author, and Description...
Moderate, Unreviewed. CVE-2022-37796 was published Sep 13, 2022

Cross-site scripting vulnerability in Movable Type plugin A-Form versions prior to 4.1.1 (for...
Moderate, Unreviewed. CVE-2022-38972 was published Sep 13, 2022

Multiple persistent cross-site scripting (XSS) vulnerabilities in index.php in tramyardg Hotel...
Moderate, Unreviewed. CVE-2022-36254 was published Sep 13, 2022

Cuppa CMS v1.0 was discovered to contain a cross-site scripting vulnerability at /table_manager...
Moderate, Unreviewed. CVE-2022-38295 was published Sep 13, 2022

SLiMS Senayan Library Management System v9.4.2 was discovered to contain a cross-site scripting ...
Moderate, Unreviewed. CVE-2022-38291 was published Sep 13, 2022

ProTip! Advisories are also available from the GraphQL API