Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

27,836 advisories

Loading
LibreNMS vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2022-36745 was published for librenms/librenms (Composer) Aug 31, 2022
tdunlap607
Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a Stored Cross Site... Moderate Unreviewed
CVE-2022-33935 was published Aug 31, 2022
Library Management System v1.0 was discovered to contain a cross-site scripting (XSS)... Moderate Unreviewed
CVE-2022-36657 was published Aug 31, 2022
PicUploader v2.6.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the... Moderate Unreviewed
CVE-2022-36748 was published Aug 31, 2022
Cross-site scripting from content entered in the tags and multiselect fields High
GHSA-rv3r-vqjj-8c76 was published for getkirby/cms (Composer) Aug 30, 2022
snipe-it vulnerable to cross-site scripting (XSS) Moderate
CVE-2022-3035 was published for snipe/snipe-it (Composer) Aug 30, 2022
IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This... Moderate Unreviewed
CVE-2021-38934 was published Aug 30, 2022
Pagekit CMS cross-site scripting in Markdown text box where articles are edited Moderate
CVE-2022-36573 was published for pagekit/pagekit (Composer) Aug 29, 2022
Centreon 22.04.0 is vulnerable to Cross Site Scripting (XSS) from the function Pollers > Broker... Moderate Unreviewed
CVE-2022-36194 was published Aug 29, 2022
Subrion CMS 4.2.1 vulnerable to cross-site scripting in admin panel Moderate
CVE-2022-37059 was published for intelliants/subrion (Composer) Aug 29, 2022
HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by... Moderate Unreviewed
CVE-2022-27546 was published Aug 29, 2022
The WP Hide & Security Enhancer WordPress plugin before 1.8 does not escape a parameter before... Moderate Unreviewed
CVE-2022-2538 was published Aug 29, 2022
The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and... Moderate Unreviewed
CVE-2022-2537 was published Aug 29, 2022
The Simply Schedule Appointments WordPress plugin before 1.5.7.7 does not sanitise and escape... Moderate Unreviewed
CVE-2022-2374 was published Aug 29, 2022
The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.21.83 does not... Moderate Unreviewed
CVE-2022-2599 was published Aug 29, 2022
Cross-site scripting from dynamic options in the multiselect field Moderate
CVE-2022-36037 was published for getkirby/cms (Composer) Aug 29, 2022
A vulnerability, which was classified as problematic, has been found in oretnom23 Fast Food... Moderate Unreviewed
CVE-2022-3015 was published Aug 28, 2022
A vulnerability classified as problematic was found in SourceCodester Simple Task Managing System... Moderate Unreviewed
CVE-2022-3014 was published Aug 28, 2022
An issue was discovered in Online Diagnostic Lab Management System 1.0. There is a stored XSS... Moderate Unreviewed
CVE-2022-37150 was published Aug 27, 2022
mm-wiki v0.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the... Moderate Unreviewed
CVE-2021-39393 was published Aug 27, 2022
Keycloak XSS via use of malicious payload as group name when creating new group from admin console Moderate
CVE-2022-0225 was published for org.keycloak:keycloak-core (Maven) Aug 27, 2022
Deluge Web-UI vulnerable to XSS through a crafted torrent file Moderate
CVE-2021-3427 was published for deluge (pip) Aug 27, 2022
IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scripting. This vulnerability... Moderate Unreviewed
CVE-2022-35714 was published Aug 27, 2022
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a reflected cross-site scripting ... Moderate Unreviewed
CVE-2022-36547 was published Aug 27, 2022
Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stored cross-site scripting ... Moderate Unreviewed
CVE-2022-36548 was published Aug 27, 2022
ProTip! Advisories are also available from the GraphQL API