GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,337 advisories
Filter by severity
Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke 0.750 allows remote...
Low
Unreviewed
CVE-2005-1778
was published
May 1, 2022
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows...
Low
Unreviewed
CVE-2003-1581
was published
Apr 29, 2022
Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP...
Low
Unreviewed
CVE-2003-1582
was published
Apr 29, 2022
Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is...
Low
Unreviewed
CVE-2003-1577
was published
Apr 29, 2022
In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible
Low
Unreviewed
CVE-2022-29816
was published
Apr 29, 2022
Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4.
Low
Unreviewed
CVE-2022-1180
was published
Mar 31, 2022
jquery.terminal self XSS on user input
Low
CVE-2021-43862
was published
for
jquery.terminal
(npm)
Jan 6, 2022
Cross-site scripting in Apache Syncome EndUser
Low
CVE-2019-17557
was published
for
org.apache.syncope.client:syncope-client-enduser
(Maven)
Jan 6, 2022
snipe-it is vulnerable to Cross-site Scripting
Low
CVE-2021-3938
was published
for
snipe/snipe-it
(Composer)
Nov 15, 2021
Cross-site Scripting in bootstrap-table
Low
CVE-2021-23472
was published
for
bootstrap-table
(npm)
Nov 8, 2021
Croos-site scripting in Croogo
Low
CVE-2019-20789
was published
for
croogo/croogo
(Composer)
Jun 22, 2021
Cross-site Scripting in Wildfly
Low
CVE-2021-3536
was published
for
org.wildfly:wildfly-parent
(Maven)
May 25, 2021
Stored XSS by authenticated backend user with access to upload files
Low
CVE-2020-15249
was published
for
october/backend
(Composer)
Nov 23, 2020
Persistent XSS in newsletter module in Shopware
Low
GHSA-hrfh-fp4x-crrq
was published
for
shopware/shopware
(Composer)
Nov 13, 2020
Persistent XSS in shopping worlds
Low
GHSA-28fw-88hq-6jmm
was published
for
shopware/shopware
(Composer)
Nov 13, 2020
Persistent XSS in customer module in Shopware
Low
GHSA-6gv9-7q4g-pmvm
was published
for
shopware/shopware
(Composer)
Nov 13, 2020
Edit feed settings and others, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0
Low
CVE-2020-15273
was published
for
baserproject/basercms
(Composer)
Nov 4, 2020
Blog comment posting, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0
Low
CVE-2020-15276
was published
for
baserproject/basercms
(Composer)
Oct 30, 2020
Non-persistent XSS in the Storefront in Shopware
Low
GHSA-qvhr-55hg-3qwv
was published
for
shopware/core
(Composer)
Sep 23, 2020
Cross-Site Scripting in express-cart
Low
GHSA-9pr3-7449-977r
was published
for
express-cart
(npm)
Sep 2, 2020
Reflected Cross-Site Scripting in redis-commander
Low
GHSA-8c8c-4vfj-rrpc
was published
for
redis-commander
(npm)
Sep 1, 2020
methodOverride Middleware Reflected Cross-Site Scripting in connect
Low
CVE-2013-7370
was published
for
connect
(npm)
Aug 31, 2020
Cross Site Scripting and RCE in baserCMS
Low
CVE-2020-15159
was published
for
baserproject/basercms
(Composer)
Aug 28, 2020
ProTip!
Advisories are also available from the
GraphQL API