GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
27,836 advisories
Cross site scripting in getkirby/starterkit
Moderate. CVE-2022-35174 was published for getkirby/starterkit (Composer) on Aug 19, 2022.

osCommerce2 before v2.3.4.1 was discovered to contain a cross-site scripting (XSS) vulnerability...
Moderate, Unreviewed. CVE-2022-35212 was published on Aug 19, 2022.

Ecommerce-CodeIgniter-Bootstrap before commit 56465f was discovered to contain a cross-site...
Moderate, Unreviewed. CVE-2022-35213 was published on Aug 19, 2022.

apollo-server-core vulnerable to URL-based XSS attack affecting IE11 on default landing page
Moderate. GHSA-2fvv-qxrq-7jq6 was published for apollo-server-core (npm) on Aug 18, 2022.

NotrinosERP Cross-site Scripting vulnerability
Moderate. CVE-2022-2871 was published for notrinos/notrinos-erp (Composer) on Aug 18, 2022.

Clinic's Patient Management System v1.0 was discovered to contain a cross-site scripting (XSS)...
Moderate, Unreviewed. CVE-2022-35117 was published on Aug 18, 2022.

A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows attackers to execute...
Moderate, Unreviewed. CVE-2022-35133 was published on Aug 18, 2022.

kkFileView v4.1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities...
Moderate, Unreviewed. CVE-2022-35151 was published on Aug 18, 2022.

Airspan AirVelocity 1500 prior to software version 15.18.00.2511 is vulnerable to injection...
Moderate, Unreviewed. CVE-2022-36311 was published on Aug 17, 2022.

An issue was discovered in rageframe2 2.6.37. There is a XSS vulnerability in the user agent...
Moderate, Unreviewed. CVE-2022-36530 was published on Aug 17, 2022.

A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote,...
Moderate, Unreviewed. CVE-2022-38189 was published on Aug 17, 2022.

A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote,...
Moderate, Unreviewed. CVE-2022-38192 was published on Aug 17, 2022.

The Web Console component of TIBCO Software Inc.'s TIBCO Data Science - Workbench, TIBCO...
Moderate, Unreviewed. CVE-2022-30576 was published on Aug 17, 2022.

The Web Console component of TIBCO Software Inc.'s TIBCO Data Science - Workbench, TIBCO...
Moderate, Unreviewed. CVE-2022-30575 was published on Aug 17, 2022.

Magento stored Cross-Site Scripting (XSS) vulnerability
Moderate. CVE-2022-34257 was published for magento/community-edition (Composer) on Aug 17, 2022.

Magento stored Cross-Site Scripting (XSS) vulnerability
Moderate. CVE-2022-34258 was published for magento/community-edition (Composer) on Aug 17, 2022.

A vulnerability classified as problematic has been found in MotoPress Timetable and Event...
Moderate, Unreviewed. CVE-2022-2844 was published on Aug 17, 2022.

A vulnerability classified as problematic was found in Calendar Event Multi View Plugin. This...
High, Unreviewed. CVE-2022-2846 was published on Aug 17, 2022.

A vulnerability was found in MotoPress Timetable and Event Schedule. It has been rated as...
Moderate, Unreviewed. CVE-2022-2843 was published on Aug 17, 2022.

Moodle reflected XSS Vulnerability
Moderate. CVE-2020-14320 was published for moodle/moodle (Composer) on Aug 17, 2022.

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4,...
Moderate, Unreviewed. CVE-2021-39035 was published on Aug 17, 2022.

A vulnerability has been found in SourceCodester Simple and Nice Shopping Cart Script and...
Moderate, Unreviewed. CVE-2022-2814 was published on Aug 16, 2022.

The Easy Student Results WordPress plugin through 2.2.8 does not sanitise and escape a parameter...
Moderate, Unreviewed. CVE-2022-2378 was published on Aug 16, 2022.

The Digital Publications by Supsystic WordPress plugin before 1.7.4 does not sanitise and escape...
Moderate, Unreviewed. CVE-2022-2384 was published on Aug 16, 2022.

A vulnerability classified as problematic has been found in SourceCodester Guest Management...
Moderate, Unreviewed. CVE-2022-2811 was published on Aug 16, 2022.
ProTip! Advisories are also available from the GraphQL API.