Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,337 advisories

Loading
Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke 0.750 allows remote... Low Unreviewed
CVE-2005-1778 was published May 1, 2022
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows... Low Unreviewed
CVE-2003-1581 was published Apr 29, 2022
Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP... Low Unreviewed
CVE-2003-1582 was published Apr 29, 2022
Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is... Low Unreviewed
CVE-2003-1577 was published Apr 29, 2022
In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible Low Unreviewed
CVE-2022-29816 was published Apr 29, 2022
Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. Low Unreviewed
CVE-2022-1180 was published Mar 31, 2022
jquery.terminal self XSS on user input Low
CVE-2021-43862 was published for jquery.terminal (npm) Jan 6, 2022
Nahiiko
Cross-site scripting in Apache Syncome EndUser Low
CVE-2019-17557 was published for org.apache.syncope.client:syncope-client-enduser (Maven) Jan 6, 2022
snipe-it is vulnerable to Cross-site Scripting Low
CVE-2021-3938 was published for snipe/snipe-it (Composer) Nov 15, 2021
Cross-site Scripting in bootstrap-table Low
CVE-2021-23472 was published for bootstrap-table (npm) Nov 8, 2021
Croos-site scripting in Croogo Low
CVE-2019-20789 was published for croogo/croogo (Composer) Jun 22, 2021
Cross-site Scripting in Wildfly Low
CVE-2021-3536 was published for org.wildfly:wildfly-parent (Maven) May 25, 2021
XSS in HtmlSanitizer Low
CVE-2020-26293 was published for HtmlSanitizer (NuGet) Jan 4, 2021
XSS in Vega Low
CVE-2020-26296 was published for vega (npm) Dec 30, 2020
Stored XSS by authenticated backend user with access to upload files Low
CVE-2020-15249 was published for october/backend (Composer) Nov 23, 2020
Persistent XSS in newsletter module in Shopware Low
GHSA-hrfh-fp4x-crrq was published for shopware/shopware (Composer) Nov 13, 2020
Persistent XSS in shopping worlds Low
GHSA-28fw-88hq-6jmm was published for shopware/shopware (Composer) Nov 13, 2020
Persistent XSS in customer module in Shopware Low
GHSA-6gv9-7q4g-pmvm was published for shopware/shopware (Composer) Nov 13, 2020
Edit feed settings and others, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0 Low
CVE-2020-15273 was published for baserproject/basercms (Composer) Nov 4, 2020
Aquilao
Blog comment posting, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0 Low
CVE-2020-15276 was published for baserproject/basercms (Composer) Oct 30, 2020
Non-persistent XSS in the Storefront in Shopware Low
GHSA-qvhr-55hg-3qwv was published for shopware/core (Composer) Sep 23, 2020
z1tr0t3c
Cross-Site Scripting in express-cart Low
GHSA-9pr3-7449-977r was published for express-cart (npm) Sep 2, 2020
Reflected Cross-Site Scripting in redis-commander Low
GHSA-8c8c-4vfj-rrpc was published for redis-commander (npm) Sep 1, 2020
sseide
methodOverride Middleware Reflected Cross-Site Scripting in connect Low
CVE-2013-7370 was published for connect (npm) Aug 31, 2020
Cross Site Scripting and RCE in baserCMS Low
CVE-2020-15159 was published for baserproject/basercms (Composer) Aug 28, 2020
stypr
ProTip! Advisories are also available from the GraphQL API