Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

168 advisories

Loading
The Admin Smart Search feature in Proofpoint Enterprise Protection (PPS/PoD) contains a stored... Critical Unreviewed
CVE-2022-46332 was published Dec 6, 2022
Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). When a low... Critical Unreviewed
CVE-2022-37720 was published Nov 25, 2022
ERP Sankhya before v4.11b81 was discovered to contain a cross-site scripting (XSS) vulnerability... Critical Unreviewed
CVE-2022-42989 was published Nov 22, 2022
Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php... Critical Unreviewed
CVE-2022-36180 was published Nov 22, 2022
A cross-site scripting (XSS) vulnerability in Beekeeper Studio v3.6.6 allows attackers to execute... Critical Unreviewed
CVE-2022-43143 was published Nov 21, 2022
The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the... Critical Unreviewed
CVE-2022-40289 was published Nov 1, 2022
The application was found to be vulnerable to an authenticated Stored Cross-Site Scripting (XSS)... Critical Unreviewed
CVE-2022-40287 was published Nov 1, 2022
The application was vulnerable to an authenticated Stored Cross-Site Scripting (XSS) in the user... Critical Unreviewed
CVE-2022-40288 was published Nov 1, 2022
Adobe Commerce versions 2.4.4-p1 (and earlier) and 2.4.5 (and earlier) are affected by a Stored... Critical Unreviewed
CVE-2022-35698 was published Oct 15, 2022
In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to... Critical Unreviewed
CVE-2022-42711 was published Oct 12, 2022
The Web Server component of TIBCO Software Inc.'s TIBCO EBX contains an easily exploitable... Critical Unreviewed
CVE-2022-30577 was published Sep 22, 2022
The Web Server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily... Critical Unreviewed
CVE-2022-30578 was published Sep 22, 2022
Incorrect Access Control issue in Yellowfin Business Intelligence 7.3 allows remote attackers to... Critical Unreviewed
CVE-2020-19586 was published Sep 15, 2022
A cross-site scripting (xss) vulnerability exists in the videoAddNew functionality of WWBN AVideo... Critical Unreviewed
CVE-2022-28712 was published Aug 23, 2022
A reflected cross-site scripting (xss) vulnerability exists in the charts tab selection... Critical Unreviewed
CVE-2022-26842 was published Aug 23, 2022
ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin... Critical Unreviewed
CVE-2021-43702 was published Jul 6, 2022
Elcomplus SmartICS v2.3.4.0 does not neutralize user-controllable input, which allows an... Critical Unreviewed
CVE-2022-2140 was published Jun 28, 2022
Stored XSS and SQL injection vulnerability in MaxBoard could lead to occur Remote Code Execution,... Critical Unreviewed
CVE-2021-26636 was published Jun 24, 2022
Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client... Critical Unreviewed
CVE-2022-29095 was published Jun 11, 2022
In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability.... Critical Unreviewed
CVE-2022-32271 was published Jun 4, 2022
AEM's Cloud Service offering, as well as versions 6.5.6.0 (and below), 6.4.8.2 (and below) and 6... Critical Unreviewed
CVE-2020-24445 was published May 24, 2022
The Jetpack Scan team identified a Reflected Cross-Site Scripting via the... Critical Unreviewed
CVE-2021-24229 was published May 24, 2022
The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress... Critical Unreviewed
CVE-2021-43047 was published May 24, 2022
In uClibc and uClibc-ng before 1.0.39, incorrect handling of special characters in domain names... Critical Unreviewed
CVE-2021-43523 was published May 24, 2022
The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the "File Thumbnail"... Critical Unreviewed
CVE-2021-24693 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API