Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,337 advisories

Loading
Cross-Site Scripting in public Low
GHSA-7jfh-2xc9-ccv7 was published for public (npm) May 31, 2019
Cross-site scripting in SimpleSAMLphp Low
CVE-2020-5226 was published for simplesamlphp/simplesamlphp (Composer) Jan 24, 2020
Low severity vulnerability that affects Plone Low
CVE-2011-1949 was published for Plone (pip) Jul 23, 2018
Cross-site Scripting in October Low
CVE-2020-4061 was published for october/backend (Composer) Jul 2, 2020
tomaszstrojny
XSS in Mapfish Print relating to JSONP support Low
CVE-2020-15231 was published for org.mapfish.print:print-lib (Maven) Jul 7, 2020
DOM-based XSS in auth0-lock Low
CVE-2020-15119 was published for auth0-lock (npm) Aug 19, 2020
mvisat
Cross-Site Scripting in express-cart Low
GHSA-9pr3-7449-977r was published for express-cart (npm) Sep 2, 2020
methodOverride Middleware Reflected Cross-Site Scripting in connect Low
CVE-2013-7370 was published for connect (npm) Aug 31, 2020
Cross Site Scripting in baserCMS Low
CVE-2020-15154 was published for baserproject/basercms (Composer) Aug 28, 2020
Aquilao
Cross Site Scripting and RCE in baserCMS Low
CVE-2020-15159 was published for baserproject/basercms (Composer) Aug 28, 2020
stypr
Reflected Cross-Site Scripting in redis-commander Low
GHSA-8c8c-4vfj-rrpc was published for redis-commander (npm) Sep 1, 2020
sseide
Persistent XSS in customer module in Shopware Low
GHSA-6gv9-7q4g-pmvm was published for shopware/shopware (Composer) Nov 13, 2020
Edit feed settings and others, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0 Low
CVE-2020-15273 was published for baserproject/basercms (Composer) Nov 4, 2020
Aquilao
Cross Site Scripting(XSS) Vulnerability in Latest Release 4.3.6 Site basic settings Low
CVE-2020-15155 was published for baserproject/basercms (Composer) Aug 28, 2020
Aquilao
Persistent XSS in newsletter module in Shopware Low
GHSA-hrfh-fp4x-crrq was published for shopware/shopware (Composer) Nov 13, 2020
Non-persistent XSS in the Storefront in Shopware Low
GHSA-qvhr-55hg-3qwv was published for shopware/core (Composer) Sep 23, 2020
z1tr0t3c
Persistent XSS in shopping worlds Low
GHSA-28fw-88hq-6jmm was published for shopware/shopware (Composer) Nov 13, 2020
Stored XSS by authenticated backend user with access to upload files Low
CVE-2020-15249 was published for october/backend (Composer) Nov 23, 2020
Blog comment posting, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0 Low
CVE-2020-15276 was published for baserproject/basercms (Composer) Oct 30, 2020
Cross site scripting via cookies in gogs Low
GHSA-pj96-4jhv-v792 was published for gogs.io/gogs (Go) Jun 2, 2022
Cross-site Scripting in bootstrap-table Low
CVE-2021-23472 was published for bootstrap-table (npm) Nov 8, 2021
Cross-site scripting (XSS) vulnerability in the Messaging module 6.x-2.x before 6.x-2.4 and 6.x-4... Low Unreviewed
CVE-2011-1066 was published May 17, 2022
WebKit in Apple Safari before 5.0.4, when the Web Inspector is used, does not properly handle the... Low Unreviewed
CVE-2011-0169 was published May 17, 2022
Cross-site scripting (XSS) vulnerability in DaDaBIK before 4.3 beta2, when the insert or edit... Low Unreviewed
CVE-2010-4355 was published May 17, 2022
Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager 3.8.0 allow remote... Low Unreviewed
CVE-2010-4275 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API