GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
27,837 advisories
Filter by severity
Fat Free CRM vulnerable to Cross-site Scripting
Moderate
CVE-2018-1000842
was published
for
fat_free_crm
(RubyGems)
Dec 20, 2018
Cross site scripting in org.apache.nifi:nifi
Moderate
CVE-2018-17193
was published
for
org.apache.nifi:nifi
(Maven)
Dec 20, 2018
Cross Site Scripting (XSS) vulnerability in easymon
Moderate
CVE-2018-1000855
was published
for
easymon
(RubyGems)
Dec 21, 2018
Moderate severity vulnerability that affects org.hswebframework.web:hsweb-commons
Moderate
CVE-2018-20594
was published
for
org.hswebframework.web:hsweb-commons
(Maven)
Jan 4, 2019
Moderate severity vulnerability that affects moin
Moderate
CVE-2017-5934
was published
for
moin
(pip)
Jan 4, 2019
mistune Cross-site scripting (XSS) vulnerability
Moderate
CVE-2017-16876
was published
for
mistune
(pip)
Jan 4, 2019
Django vulnerable to XSS on 500 pages
Moderate
CVE-2017-12794
was published
for
Django
(pip)
Jan 4, 2019
Cross-Site Scripting in react-dom
Moderate
CVE-2018-6341
was published
for
react-dom
(npm)
Jan 4, 2019
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2016-10735
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
XSS vulnerability that affects bootstrap
Moderate
CVE-2018-20676
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-20677
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
Apache Airflow vulnerable to XSS
Critical
CVE-2017-17836
was published
for
apache-airflow
(pip)
Jan 25, 2019
Tnantoka/public XSS Vulnerability
Moderate
CVE-2018-16480
was published
for
public
(npm)
Feb 7, 2019
Cross-Site Scripting in html-pages
Moderate
CVE-2018-16481
was published
for
html-pages
(npm)
Feb 7, 2019
Cross-Site Scripting in m-server
Moderate
CVE-2018-16484
was published
for
m-server
(npm)
Feb 7, 2019
Cross-site Scripting in jspwiki-war
Moderate
CVE-2018-20242
was published
for
org.apache.jspwiki:jspwiki-war
(Maven)
Feb 12, 2019
Cross-Site Scripting in backbone
Moderate
CVE-2016-10537
was published
for
backbone
(npm)
Feb 18, 2019
Sanitization bypass using HTML Entities in marked
Moderate
CVE-2016-10531
was published
for
marked
(npm)
Feb 18, 2019
Bootstrap Vulnerable to Cross-Site Scripting
Moderate
CVE-2019-8331
was published
for
Bootstrap.Less
(RubyGems)
Feb 22, 2019
Moderate severity vulnerability that affects org.b3log:symphony
Moderate
CVE-2019-9142
was published
for
org.b3log:symphony
(Maven)
Mar 6, 2019
Apache Airflow vulnerable to Stored XSS
Moderate
CVE-2018-20244
was published
for
apache-airflow
(pip)
Mar 6, 2019
Cross-Site Scripting in editor.md
Moderate
CVE-2019-9737
was published
for
editor.md
(npm)
Mar 14, 2019
Moderate severity vulnerability that affects org.apache.jspwiki:jspwiki-main
Moderate
CVE-2019-0224
was published
for
org.apache.jspwiki:jspwiki-main
(Maven)
Apr 2, 2019
ProTip!
Advisories are also available from the
GraphQL API