Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

27,836 advisories

Loading
Cross site scripting in getkirby/starterkit Moderate
CVE-2022-35174 was published for getkirby/starterkit (Composer) Aug 19, 2022
osCommerce2 before v2.3.4.1 was discovered to contain a cross-site scripting (XSS) vulnerability... Moderate Unreviewed
CVE-2022-35212 was published Aug 19, 2022
Ecommerce-CodeIgniter-Bootstrap before commit 56465f was discovered to contain a cross-site... Moderate Unreviewed
CVE-2022-35213 was published Aug 19, 2022
apollo-server-core vulnerable to URL-based XSS attack affecting IE11 on default landing page Moderate
GHSA-2fvv-qxrq-7jq6 was published for apollo-server-core (npm) Aug 18, 2022
adenkiewicz
NotrinosERP Cross-site Scripting vulnerability Moderate
CVE-2022-2871 was published for notrinos/notrinos-erp (Composer) Aug 18, 2022
Clinic's Patient Management System v1.0 was discovered to contain a cross-site scripting (XSS)... Moderate Unreviewed
CVE-2022-35117 was published Aug 18, 2022
A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows attackers to execute... Moderate Unreviewed
CVE-2022-35133 was published Aug 18, 2022
kkFileView v4.1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities... Moderate Unreviewed
CVE-2022-35151 was published Aug 18, 2022
Airspan AirVelocity 1500 prior to software version 15.18.00.2511 is vulnerable to injection... Moderate Unreviewed
CVE-2022-36311 was published Aug 17, 2022
An issue was discovered in rageframe2 2.6.37. There is a XSS vulnerability in the user agent... Moderate Unreviewed
CVE-2022-36530 was published Aug 17, 2022
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote,... Moderate Unreviewed
CVE-2022-38189 was published Aug 17, 2022
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote,... Moderate Unreviewed
CVE-2022-38192 was published Aug 17, 2022
The Web Console component of TIBCO Software Inc.'s TIBCO Data Science - Workbench, TIBCO... Moderate Unreviewed
CVE-2022-30576 was published Aug 17, 2022
The Web Console component of TIBCO Software Inc.'s TIBCO Data Science - Workbench, TIBCO... Moderate Unreviewed
CVE-2022-30575 was published Aug 17, 2022
Magento stored Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2022-34257 was published for magento/community-edition (Composer) Aug 17, 2022
Magento stored Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2022-34258 was published for magento/community-edition (Composer) Aug 17, 2022
A vulnerability classified as problematic has been found in MotoPress Timetable and Event... Moderate Unreviewed
CVE-2022-2844 was published Aug 17, 2022
A vulnerability classified as problematic was found in Calendar Event Multi View Plugin. This... High Unreviewed
CVE-2022-2846 was published Aug 17, 2022
A vulnerability was found in MotoPress Timetable and Event Schedule. It has been rated as... Moderate Unreviewed
CVE-2022-2843 was published Aug 17, 2022
Moodle reflected XSS Vulnerability Moderate
CVE-2020-14320 was published for moodle/moodle (Composer) Aug 17, 2022
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4,... Moderate Unreviewed
CVE-2021-39035 was published Aug 17, 2022
A vulnerability has been found in SourceCodester Simple and Nice Shopping Cart Script and... Moderate Unreviewed
CVE-2022-2814 was published Aug 16, 2022
The Easy Student Results WordPress plugin through 2.2.8 does not sanitise and escape a parameter... Moderate Unreviewed
CVE-2022-2378 was published Aug 16, 2022
The Digital Publications by Supsystic WordPress plugin before 1.7.4 does not sanitise and escape... Moderate Unreviewed
CVE-2022-2384 was published Aug 16, 2022
A vulnerability classified as problematic has been found in SourceCodester Guest Management... Moderate Unreviewed
CVE-2022-2811 was published Aug 16, 2022
ProTip! Advisories are also available from the GraphQL API