GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub-originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Advisory counts by ecosystem (GitHub reviewed): All reviewed 5,000+; Composer 4,077; Erlang 29; GitHub Actions 19; Go 1,903; Maven 5,000+; npm 3,632; NuGet 638; pip 3,249; Pub 10; RubyGems 864; Rust 818; Swift 35.
Unreviewed advisories: All unreviewed 5,000+.
27,837 advisories
Each entry: identifier (severity, review status, package and ecosystem where GitHub reviewed, publication date, withdrawal note if any): title.

- CVE-2022-2565 (High, unreviewed, published Sep 6, 2022): The Simple Payment Donations & Subscriptions WordPress plugin before 4.2.1 does not sanitise and...
- CVE-2022-39049 (Moderate, unreviewed, published Sep 6, 2022): An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of...
- CVE-2022-2775 (Moderate, unreviewed, published Sep 6, 2022): The Fast Flow WordPress plugin before 1.2.13 does not sanitise and escape some of its Widget...
- CVE-2022-39050 (Moderate, unreviewed, published Sep 6, 2022): An attacker who is logged into OTRS as an admin user may manipulate customer URL field to store...
- CVE-2022-39839 (Moderate, unreviewed, published Sep 6, 2022): Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a forum post.
- CVE-2022-3127 (Moderate, unreviewed, published Sep 6, 2022): Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.2.8.
- CVE-2022-2271 (Moderate, unreviewed, published Sep 6, 2022): The WP Database Backup WordPress plugin before 5.9 does not escape some of its settings, which...
- CVE-2022-39840 (Moderate, unreviewed, published Sep 6, 2022): Cotonti Siena 0.9.20 allows admins to conduct stored XSS attacks via a direct message (DM).
- CVE-2022-25370 (Moderate, unreviewed, published Sep 3, 2022): Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data...
- CVE-2022-37679 (Moderate, unreviewed, published Sep 3, 2022): Miniblog.Core v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the...
- CVE-2022-36639 (Moderate, unreviewed, published Sep 3, 2022): A stored cross-site scripting (XSS) vulnerability in /client.php of Garage Management System v1.0...
- CVE-2022-36600 (Moderate, unreviewed, published Sep 3, 2022): BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the...
- CVE-2022-36637 (Moderate, unreviewed, published Sep 3, 2022): Garage Management System v1.0 was discovered to contain a persistent cross-site scripting (XSS)...
- CVE-2022-36355 (Moderate, unreviewed, published Sep 2, 2022): Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking...
- CVE-2022-3072 (Moderate, GitHub reviewed, for francoisjacquet/rosariosis on Composer, published Sep 2, 2022): francoisjacquet/rosariosis vulnerable to Cross-Site Scripting (XSS)
- CVE-2022-38790 (Moderate, unreviewed, published Sep 2, 2022): Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting (XSS) bug allowing a...
- CVE-2022-36583 (Moderate, unreviewed, published Sep 2, 2022): DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at ...
- GHSA-w8v7-c7pm-7wfr (Moderate, GitHub reviewed, for org.keycloak:keycloak-core on Maven, published Sep 2, 2022, withdrawn): Duplicate Advisory: Keycloak vulnerable to Cross-Site Scripting (XSS)
- CVE-2022-36033 (Moderate, GitHub reviewed, for org.jsoup:jsoup on Maven, published Sep 1, 2022): jsoup may not sanitize code injection XSS attempts if SafeList.preserveRelativeLinks is enabled
- CVE-2022-26331 (Moderate, unreviewed, published Sep 1, 2022): Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The...
- CVE-2022-37183 (Moderate, unreviewed, published Sep 1, 2022): Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via /search/1940/created-monthly-list.
- CVE-2022-36203 (Moderate, unreviewed, published Sep 1, 2022): Doctor's Appointment System 1.0 is vulnerable to Cross Site Scripting (XSS) via the admin panel....
- CVE-2022-35933 (Moderate, GitHub reviewed, for prestashop/productcomments on Composer, published Aug 31, 2022): PrestaShop Product Comments Cross-site Scripting vulnerability
- CVE-2022-25646 (Moderate, GitHub reviewed, for x-data-spreadsheet on npm, published Aug 31, 2022): x-data-spreadsheet through 1.1.9 vulnerable to Cross-site Scripting
- CVE-2022-36746 (Moderate, GitHub reviewed, for librenms/librenms on Composer, published Aug 31, 2022): LibreNMS vulnerable to Cross-Site Scripting (XSS)
Advisories are also available from the GraphQL API.
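The header distinguishes GitHub-reviewed advisories (the ones that carry a package and version range and feed Dependabot) from unreviewed ones, and the listing also contains a withdrawn duplicate (GHSA-w8v7-c7pm-7wfr). A consumer of the database has to honour those flags before matching dependency versions against advisory ranges. The following is an added example, not code from this page or from GitHub; it assumes advisory records in the OSV JSON shape the database exports (`database_specific.github_reviewed`, `withdrawn`, `affected[].package`, `affected[].ranges[].events`), and the sample records, their `GHSA-xxxx-...` identifiers and every version range in them are constructed placeholders, not the real data of the advisories listed above.

```python
"""Triage GitHub Advisory Database records before matching dependency versions.

Added example (not the page's or GitHub's code). Assumes the OSV JSON shape the
database exports; sample data below is constructed and its version ranges are
placeholders, not the real affected ranges of these advisories.
"""
from __future__ import annotations

import json

# Constructed sample records. "GHSA-xxxx-..." ids and all ranges are placeholders;
# GHSA-w8v7-c7pm-7wfr is the withdrawn duplicate that appears in the listing.
SAMPLE_ADVISORIES = json.loads(r"""
[
  {"id": "GHSA-xxxx-xxxx-0001", "aliases": ["CVE-2022-36033"],
   "summary": "jsoup may not sanitize code injection XSS attempts if SafeList.preserveRelativeLinks is enabled",
   "affected": [{"package": {"ecosystem": "Maven", "name": "org.jsoup:jsoup"},
                 "ranges": [{"type": "ECOSYSTEM",
                             "events": [{"introduced": "0"}, {"fixed": "1.15.3"}]}]}],
   "database_specific": {"severity": "MODERATE", "github_reviewed": true}},
  {"id": "GHSA-w8v7-c7pm-7wfr", "aliases": [],
   "summary": "Duplicate Advisory: Keycloak vulnerable to Cross-Site Scripting (XSS)",
   "withdrawn": "2022-09-02T00:00:00Z",
   "affected": [{"package": {"ecosystem": "Maven", "name": "org.keycloak:keycloak-core"},
                 "ranges": [{"type": "ECOSYSTEM",
                             "events": [{"introduced": "0"}, {"fixed": "1.0.0"}]}]}],
   "database_specific": {"severity": "MODERATE", "github_reviewed": true}},
  {"id": "GHSA-xxxx-xxxx-0003", "aliases": ["CVE-2022-25646"],
   "summary": "x-data-spreadsheet through 1.1.9 vulnerable to Cross-site Scripting",
   "affected": [{"package": {"ecosystem": "npm", "name": "x-data-spreadsheet"},
                 "ranges": [{"type": "ECOSYSTEM",
                             "events": [{"introduced": "0"}, {"last_affected": "1.1.9"}]}]}],
   "database_specific": {"severity": "MODERATE", "github_reviewed": true}},
  {"id": "GHSA-xxxx-xxxx-0004", "aliases": ["CVE-2022-3127"],
   "summary": "Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 20.2.8.",
   "affected": [],
   "database_specific": {"severity": "MODERATE", "github_reviewed": false}}
]
""")


def parse_version(v: str) -> tuple:
    """Simplified comparator for the demo: dotted numeric parts, and a pre-release
    suffix after '-' sorts before the release it precedes (1.0.0-rc1 < 1.0.0).
    Real ecosystems need their own rules (Maven, semver, PEP 440)."""
    main, _, pre = v.partition("-")
    nums = tuple(int(p) if p.isdigit() else 0 for p in main.split("."))
    return nums, ((0, pre) if pre else (1, ""))


def version_in_range(version: str, events: list[dict]) -> bool:
    """OSV ECOSYSTEM range semantics: affected from 'introduced' up to but excluding
    'fixed', or up to and including 'last_affected'. Several introduced/upper-bound
    pairs may appear in one event list; an 'introduced' without an upper bound is
    open-ended."""
    v = parse_version(version)
    introduced = None
    for ev in events:
        if "introduced" in ev:
            introduced = parse_version(ev["introduced"])
        elif "fixed" in ev and introduced is not None:
            if introduced <= v < parse_version(ev["fixed"]):
                return True
            introduced = None
        elif "last_affected" in ev and introduced is not None:
            if introduced <= v <= parse_version(ev["last_affected"]):
                return True
            introduced = None
    return introduced is not None and v >= introduced


def advisory_covers(adv: dict, ecosystem: str, name: str, version: str) -> bool:
    """True if any ECOSYSTEM range the advisory lists for (ecosystem, name) contains version."""
    for aff in adv.get("affected", []):
        pkg = aff.get("package", {})
        if (pkg.get("ecosystem"), pkg.get("name")) != (ecosystem, name):
            continue
        for rng in aff.get("ranges", []):
            if rng.get("type") == "ECOSYSTEM" and version_in_range(version, rng.get("events", [])):
                return True
    return False


def triage(advisories: list[dict], ecosystem: str, name: str, version: str):
    """Return (matches, skipped). Withdrawn records are retracted (here a duplicate)
    and unreviewed records carry no package mapping and are not what Dependabot
    alerts on, so neither is auto-actioned; they are reported with a reason instead."""
    matches, skipped = [], []
    for adv in advisories:
        ds = adv.get("database_specific", {})
        if adv.get("withdrawn"):
            skipped.append((adv["id"], "withdrawn"))
        elif not ds.get("github_reviewed"):
            skipped.append((adv["id"], "unreviewed"))
        elif advisory_covers(adv, ecosystem, name, version):
            matches.append({"id": adv["id"], "aliases": adv.get("aliases", []),
                            "severity": ds.get("severity"), "summary": adv.get("summary", "")})
    return matches, skipped


if __name__ == "__main__":
    hits, skips = triage(SAMPLE_ADVISORIES, "Maven", "org.jsoup:jsoup", "1.15.2")
    for h in hits:
        print(f"{h['id']} {h['aliases']} {h['severity']}: {h['summary']}")
    for ident, why in skips:
        print(f"skipped {ident}: {why}")
```

The skipped list is kept on purpose: an unreviewed advisory for a product you run is still worth a manual look, it just cannot be matched to a package automatically, and a withdrawn one should never trigger a ticket.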