GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
274 advisories
Filter by severity
Moderate severity vulnerability that affects mayan-edms
Moderate
CVE-2018-16407
was published
for
mayan-edms
(pip)
Sep 6, 2018
Moderate severity vulnerability that affects mayan-edms
Moderate
CVE-2018-16406
was published
for
mayan-edms
(pip)
Sep 6, 2018
Moderate severity vulnerability that affects moin
Moderate
CVE-2017-5934
was published
for
moin
(pip)
Jan 4, 2019
Moderate severity vulnerability that affects roundup
Moderate
CVE-2019-10904
was published
for
roundup
(pip)
Apr 9, 2019
Moderate severity vulnerability that affects mayan-edms
Moderate
CVE-2018-16405
was published
for
mayan-edms
(pip)
Sep 6, 2018
Cross-site Scripting in invenio-previewer
Moderate
CVE-2019-1020019
was published
for
invenio-previewer
(pip)
Jul 16, 2019
markdown2 is vulnerable to cross-site scripting
Moderate
CVE-2018-5773
was published
for
markdown2
(pip)
Jul 12, 2018
Moderate severity vulnerability that affects Zope2
Moderate
CVE-2010-1104
was published
for
Zope2
(pip)
Jul 23, 2018
Cross-Site Scripting in Wagtail
Moderate
CVE-2020-15118
was published
for
wagtail
(pip)
Jul 20, 2020
Cross-site Scripting in python-cjson
Moderate
CVE-2009-4924
was published
for
python-cjson
(pip)
Dec 6, 2021
Cross-site scripting (XSS) vulnerability in the fallback authentication endpoint
Moderate
CVE-2020-26891
was published
for
matrix-synapse
(pip)
Oct 16, 2020
Cross-site Scripting and Open Redirect in Products.CMFPlone
Moderate
GHSA-8w54-22w9-3g8f
was published
for
Products.CMFPlone
(pip)
Jan 28, 2022
Cross-site Scripting and Open Redirect in plone.app.contenttypes
Moderate
GHSA-f7qw-5fgj-247x
was published
for
plone.app.contenttypes
(pip)
Feb 1, 2022
SVG with embedded scripts can lead to cross-site scripting attacks in xml2rfc
Moderate
GHSA-cf4q-4cqr-7g7w
was published
for
xml2rfc
(pip)
Apr 22, 2022
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pycares
Moderate
GHSA-c58j-88f5-h53f
was published
for
pycares
(pip)
Jul 5, 2022
Apache Superset is vulnerable to Cross-Site Scripting (XSS)
Moderate
CVE-2022-43718
was published
for
apache-superset
(pip)
Jan 16, 2023
Apache Superset vulnerable to Cross-site Scripting
Moderate
CVE-2022-43717
was published
for
apache-superset
(pip)
Jan 16, 2023
Cross-site Scripting in FreeTAKServer-UI
Moderate
CVE-2022-25507
was published
for
FreeTAKServer-UI
(pip)
Mar 12, 2022
Cross-site scripting in markdown2 for python
Moderate
CVE-2009-3724
was published
for
markdown2
(pip)
Apr 21, 2022
Multiple cross-site scripting (XSS) vulnerabilities in Roundup
Moderate
CVE-2012-6133
was published
for
roundup
(pip)
Apr 23, 2022
Improper Neutralization of Input During Web Page Generation in Jupyter Notebook
Moderate
CVE-2019-9644
was published
for
jupyter-notebook
(pip)
May 14, 2022
Twisted vulnerable to NameVirtualHost Host header injection
Moderate
CVE-2022-39348
was published
for
twisted
(pip)
Oct 26, 2022
Pallets Werkzeug cross-site scripting vulnerability
Moderate
CVE-2016-10516
was published
for
Werkzeug
(pip)
May 14, 2022
Improper Neutralization of Input During Web Page Generation in IPython
Moderate
CVE-2015-4707
was published
for
ipython
(pip)
May 13, 2022
Improper Neutralization of Input During Web Page Generation in IPython
Moderate
CVE-2015-4706
was published
for
ipython
(pip)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API