Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

27,837 advisories

Loading
The Simple Payment Donations & Subscriptions WordPress plugin before 4.2.1 does not sanitise and... High Unreviewed
CVE-2022-2565 was published Sep 6, 2022
An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of... Moderate Unreviewed
CVE-2022-39049 was published Sep 6, 2022
The Fast Flow WordPress plugin before 1.2.13 does not sanitise and escape some of its Widget... Moderate Unreviewed
CVE-2022-2775 was published Sep 6, 2022
An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store... Moderate Unreviewed
CVE-2022-39050 was published Sep 6, 2022
Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a forum post. Moderate Unreviewed
CVE-2022-39839 was published Sep 6, 2022
Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.2.8. Moderate Unreviewed
CVE-2022-3127 was published Sep 6, 2022
The WP Database Backup WordPress plugin before 5.9 does not escape some of its settings, which... Moderate Unreviewed
CVE-2022-2271 was published Sep 6, 2022
Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a direct message (DM). Moderate Unreviewed
CVE-2022-39840 was published Sep 6, 2022
Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data... Moderate Unreviewed
CVE-2022-25370 was published Sep 3, 2022
Miniblog.Core v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the... Moderate Unreviewed
CVE-2022-37679 was published Sep 3, 2022
A stored cross-site scripting (XSS) vulnerability in /client.php of Garage Management System v1.0... Moderate Unreviewed
CVE-2022-36639 was published Sep 3, 2022
BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the... Moderate Unreviewed
CVE-2022-36600 was published Sep 3, 2022
Garage Management System v1.0 was discovered to contain a persistent cross-site scripting (XSS)... Moderate Unreviewed
CVE-2022-36637 was published Sep 3, 2022
Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking... Moderate Unreviewed
CVE-2022-36355 was published Sep 2, 2022
francoisjacquet/rosariosis vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2022-3072 was published for francoisjacquet/rosariosis (Composer) Sep 2, 2022
Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting (XSS) bug allowing a... Moderate Unreviewed
CVE-2022-38790 was published Sep 2, 2022
DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at ... Moderate Unreviewed
CVE-2022-36583 was published Sep 2, 2022
Duplicate Advisory: Keycloak vulnerable to Cross-Site Scripting (XSS) Moderate
GHSA-w8v7-c7pm-7wfr was published for org.keycloak:keycloak-core (Maven) Sep 2, 2022 withdrawn
jsoup may not sanitize code injection XSS attempts if SafeList.preserveRelativeLinks is enabled Moderate
CVE-2022-36033 was published for org.jsoup:jsoup (Maven) Sep 1, 2022
Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The... Moderate Unreviewed
CVE-2022-26331 was published Sep 1, 2022
Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via /search/1940/created-monthly-list. Moderate Unreviewed
CVE-2022-37183 was published Sep 1, 2022
Doctor's Appointment System 1.0 is vulnerable to Cross Site Scripting (XSS) via the admin panel.... Moderate Unreviewed
CVE-2022-36203 was published Sep 1, 2022
PrestaShop Product Comments Cross-site Scripting vulnerability Moderate
CVE-2022-35933 was published for prestashop/productcomments (Composer) Aug 31, 2022
x-data-spreadsheet through 1.1.9 vulnerable to Cross-site Scripting Moderate
CVE-2022-25646 was published for x-data-spreadsheet (npm) Aug 31, 2022
LibreNMS vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2022-36746 was published for librenms/librenms (Composer) Aug 31, 2022
emilwareus
ProTip! Advisories are also available from the GraphQL API