GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
27,836 advisories

LibreNMS vulnerable to Cross-Site Scripting (XSS)
Moderate | CVE-2022-36745 was published for librenms/librenms (Composer) | Aug 31, 2022

Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a Stored Cross Site...
Moderate | Unreviewed | CVE-2022-33935 was published | Aug 31, 2022

Library Management System v1.0 was discovered to contain a cross-site scripting (XSS)...
Moderate | Unreviewed | CVE-2022-36657 was published | Aug 31, 2022

PicUploader v2.6.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the...
Moderate | Unreviewed | CVE-2022-36748 was published | Aug 31, 2022

Cross-site scripting from content entered in the tags and multiselect fields
High | GHSA-rv3r-vqjj-8c76 was published for getkirby/cms (Composer) | Aug 30, 2022

snipe-it vulnerable to cross-site scripting (XSS)
Moderate | CVE-2022-3035 was published for snipe/snipe-it (Composer) | Aug 30, 2022

IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This...
Moderate | Unreviewed | CVE-2021-38934 was published | Aug 30, 2022

Pagekit CMS cross-site scripting in Markdown text box where articles are edited
Moderate | CVE-2022-36573 was published for pagekit/pagekit (Composer) | Aug 29, 2022

Centreon 22.04.0 is vulnerable to Cross Site Scripting (XSS) from the function Pollers > Broker...
Moderate | Unreviewed | CVE-2022-36194 was published | Aug 29, 2022

Subrion CMS 4.2.1 vulnerable to cross-site scripting in admin panel
Moderate | CVE-2022-37059 was published for intelliants/subrion (Composer) | Aug 29, 2022

HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by...
Moderate | Unreviewed | CVE-2022-27546 was published | Aug 29, 2022

The WP Hide & Security Enhancer WordPress plugin before 1.8 does not escape a parameter before...
Moderate | Unreviewed | CVE-2022-2538 was published | Aug 29, 2022

The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and...
Moderate | Unreviewed | CVE-2022-2537 was published | Aug 29, 2022

The Simply Schedule Appointments WordPress plugin before 1.5.7.7 does not sanitise and escape...
Moderate | Unreviewed | CVE-2022-2374 was published | Aug 29, 2022

The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.21.83 does not...
Moderate | Unreviewed | CVE-2022-2599 was published | Aug 29, 2022

Cross-site scripting from dynamic options in the multiselect field
Moderate | CVE-2022-36037 was published for getkirby/cms (Composer) | Aug 29, 2022

A vulnerability, which was classified as problematic, has been found in oretnom23 Fast Food...
Moderate | Unreviewed | CVE-2022-3015 was published | Aug 28, 2022

A vulnerability classified as problematic was found in SourceCodester Simple Task Managing System...
Moderate | Unreviewed | CVE-2022-3014 was published | Aug 28, 2022

An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a stored XSS...
Moderate | Unreviewed | CVE-2022-37150 was published | Aug 27, 2022

mm-wiki v0.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the...
Moderate | Unreviewed | CVE-2021-39393 was published | Aug 27, 2022

Keycloak XSS via use of malicious payload as group name when creating new group from admin console
Moderate | CVE-2022-0225 was published for org.keycloak:keycloak-core (Maven) | Aug 27, 2022

Deluge Web-UI vulnerable to XSS through a crafted torrent file
Moderate | CVE-2021-3427 was published for deluge (pip) | Aug 27, 2022

IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scripting. This vulnerability...
Moderate | Unreviewed | CVE-2022-35714 was published | Aug 27, 2022

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a reflected cross-site scripting ...
Moderate | Unreviewed | CVE-2022-36547 was published | Aug 27, 2022

Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stored cross-site scripting ...
Moderate | Unreviewed | CVE-2022-36548 was published | Aug 27, 2022

ProTip! Advisories are also available from the GraphQL API.