GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
168 advisories
On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0-12...
Critical | Unreviewed | CVE-2020-5948 was published May 24, 2022
Notable 1.8.4 allows XSS via crafted Markdown text, with resultant remote code execution (because...
Critical | Unreviewed | CVE-2020-16608 was published May 24, 2022
An XSS issue was found in the Shares feature of LiquidFiles before 3.3.19. The issue arises from...
Critical | Unreviewed | CVE-2020-29071 was published May 24, 2022
Immuta v2.8.2 is affected by stored XSS that allows a low-privileged user to escalate privileges...
Critical | Unreviewed | CVE-2020-15952 was published May 24, 2022
A cross-site scripting (XSS) vulnerability in AntSword v2.0.7 can remotely execute system commands.
Critical | Unreviewed | CVE-2020-18766 was published May 24, 2022
Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this...
Critical | Unreviewed | CVE-2020-27176 was published May 24, 2022
** UNSUPPORTED WHEN ASSIGNED ** Leostream Connection Broker 8.2.x is affected by stored XSS. An...
Critical | Unreviewed | CVE-2020-26574 was published May 24, 2022
Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before 2020.2.1...
Critical | Unreviewed | CVE-2020-13169 was published May 24, 2022
A vulnerability has been identified in IE/WSN-PA Link WirelessHART Gateway (All versions). The...
Critical | Unreviewed | CVE-2019-13923 was published May 24, 2022
Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway ...
Critical | Unreviewed | CVE-2019-3638 was published May 24, 2022
The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site...
Critical | Unreviewed | CVE-2019-15074 was published May 24, 2022
A remote bypass of security restrictions vulnerability was discovered in HPE 3PAR Service...
Critical | Unreviewed | CVE-2019-5397 was published May 24, 2022
The Yoast SEO plugin before 11.6-RC5 for WordPress does not properly restrict unfiltered HTML in...
Critical | Unreviewed | CVE-2019-13478 was published May 24, 2022
It was found that Picketlink as shipped with JBoss Enterprise Application Platform 7.2 would...
Critical | Unreviewed | CVE-2019-3873 was published May 24, 2022
Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are...
Critical | Unreviewed | CVE-2018-18864 was published May 14, 2022
Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this...
Critical | Unreviewed | CVE-2019-7551 was published May 13, 2022
An issue was discovered in LAOBANCMS 2.0. It allows a /install/mysql_hy.php?riqi=0&i=0 attack to...
Critical | Unreviewed | CVE-2018-19222 was published May 13, 2022
A Cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An...
Critical | Unreviewed | CVE-2018-10369 was published May 13, 2022
IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while registering...
Critical | Unreviewed | CVE-2019-3709 was published May 13, 2022
IsilonSD Management Server 1.1.0 contains a cross-site scripting vulnerability while uploading an...
Critical | Unreviewed | CVE-2019-3708 was published May 13, 2022
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the...
Critical | Unreviewed | CVE-2017-8898 was published May 13, 2022
For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries...
Critical | Unreviewed | CVE-2018-9079 was published May 13, 2022
Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18...
Critical | Unreviewed | CVE-2022-1575 was published May 6, 2022
Turtlapp Turtle Note v0.7.2.6 does not filter the <meta> tag during markdown parsing, allowing...
Critical | Unreviewed | CVE-2022-28101 was published Apr 29, 2022
Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which can lead to remote code...
Critical | Unreviewed | CVE-2022-28464 was published Apr 28, 2022
ProTip! Advisories are also available from the GraphQL API