GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
168 advisories
The Admin Smart Search feature in Proofpoint Enterprise Protection (PPS/PoD) contains a stored...
Critical | Unreviewed | CVE-2022-46332 was published Dec 6, 2022

Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). When a low...
Critical | Unreviewed | CVE-2022-37720 was published Nov 25, 2022

ERP Sankhya before v4.11b81 was discovered to contain a cross-site scripting (XSS) vulnerability...
Critical | Unreviewed | CVE-2022-42989 was published Nov 22, 2022

Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php...
Critical | Unreviewed | CVE-2022-36180 was published Nov 22, 2022

A cross-site scripting (XSS) vulnerability in Beekeeper Studio v3.6.6 allows attackers to execute...
Critical | Unreviewed | CVE-2022-43143 was published Nov 21, 2022

The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the...
Critical | Unreviewed | CVE-2022-40289 was published Nov 1, 2022

The application was found to be vulnerable to an authenticated Stored Cross-Site Scripting (XSS)...
Critical | Unreviewed | CVE-2022-40287 was published Nov 1, 2022

The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user...
Critical | Unreviewed | CVE-2022-40288 was published Nov 1, 2022

Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored...
Critical | Unreviewed | CVE-2022-35698 was published Oct 15, 2022

In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to...
Critical | Unreviewed | CVE-2022-42711 was published Oct 12, 2022

The Web Server component of TIBCO Software Inc.'s TIBCO EBX contains an easily exploitable...
Critical | Unreviewed | CVE-2022-30577 was published Sep 22, 2022

The Web Server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily...
Critical | Unreviewed | CVE-2022-30578 was published Sep 22, 2022

Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to...
Critical | Unreviewed | CVE-2020-19586 was published Sep 15, 2022

A cross-site scripting (xss) vulnerability exists in the videoAddNew functionality of WWBN AVideo...
Critical | Unreviewed | CVE-2022-28712 was published Aug 23, 2022

A reflected cross-site scripting (xss) vulnerability exists in the charts tab selection...
Critical | Unreviewed | CVE-2022-26842 was published Aug 23, 2022

ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin...
Critical | Unreviewed | CVE-2021-43702 was published Jul 6, 2022

Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an...
Critical | Unreviewed | CVE-2022-2140 was published Jun 28, 2022

Stored XSS and SQL injection vulnerability in MaxBoard could lead to occur Remote Code Execution,...
Critical | Unreviewed | CVE-2021-26636 was published Jun 24, 2022

Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client...
Critical | Unreviewed | CVE-2022-29095 was published Jun 11, 2022

In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability....
Critical | Unreviewed | CVE-2022-32271 was published Jun 4, 2022

AEM's Cloud Service offering, as well as versions 6.5.6.0 (and below), 6.4.8.2 (and below) and 6...
Critical | Unreviewed | CVE-2020-24445 was published May 24, 2022

The Jetpack Scan team identified a Reflected Cross-Site Scripting via the...
Critical | Unreviewed | CVE-2021-24229 was published May 24, 2022

The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress...
Critical | Unreviewed | CVE-2021-43047 was published May 24, 2022

In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names...
Critical | Unreviewed | CVE-2021-43523 was published May 24, 2022

The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the "File Thumbnail"...
Critical | Unreviewed | CVE-2021-24693 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.