GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,342
Erlang: 31
GitHub Actions: 22
Go: 2,106
Maven: 5,000+
npm: 3,764
NuGet: 679
pip: 3,451
Pub: 12
RubyGems: 892
Rust: 886
Swift: 37
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
25,271 advisories
A vulnerability was found in pallidlight online-course-selection-system. It has been classified...
Moderate | Unreviewed | CVE-2022-4401 was published Dec 11, 2022
IBM Cloud Transformation Advisor 2.0.1 through 3.3.1 is vulnerable to cross-site scripting. This...
Moderate | Unreviewed | CVE-2022-41299 was published Dec 9, 2022
An authenticated user can embed malicious content with XSS into the admin group policy page.
Moderate | Unreviewed | CVE-2022-25630 was published Dec 9, 2022
An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft...
Moderate | Unreviewed | CVE-2022-25629 was published Dec 9, 2022
In BAOTA linux panel there exists a stored xss vulnerability attackers can use to obtain...
Moderate | Unreviewed | CVE-2022-4336 was published Dec 9, 2022
ZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164 is vulnerable to Cross Site...
Moderate | Unreviewed | CVE-2022-44213 was published Dec 9, 2022
A vulnerability was found in S-CMS 5.0 Build 20220328. It has been declared as problematic....
Moderate | Unreviewed | CVE-2022-4377 was published Dec 9, 2022
A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized....
Moderate | Unreviewed | CVE-2022-38754 was published Dec 8, 2022
A vulnerability was found in annyshow DuxCMS 2.1. It has been classified as problematic. This...
Moderate | Unreviewed | CVE-2020-36609 was published Dec 8, 2022
A vulnerability was found in xiandafu beetl-bbs. It has been declared as problematic. Affected by...
Moderate | Unreviewed | CVE-2022-4347 was published Dec 8, 2022
A vulnerability has been found in csliuwy coder-chain_gdut and classified as problematic....
Moderate | Unreviewed | CVE-2022-4341 was published Dec 7, 2022
An issue was discovered in ZZCMS 2022. There is a cross-site scripting (XSS) vulnerability in...
Moderate | Unreviewed | CVE-2022-44361 was published Dec 7, 2022
IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2 19.0.0.1 through...
Moderate | Unreviewed | CVE-2022-41735 was published Dec 7, 2022
A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows...
Moderate | Unreviewed | CVE-2022-45217 was published Dec 7, 2022
Typora versions prior to 1.4.4 fails to properly neutralize JavaScript code, which may result in...
Moderate | Unreviewed | CVE-2022-43668 was published Dec 7, 2022
Cross-site scripting vulnerability in Movable Type Movable Type 7 r.5301 and earlier (Movable...
Moderate | Unreviewed | CVE-2022-45122 was published Dec 7, 2022
Cross-site scripting vulnerability in Aficio SP 4210N firmware versions prior to Web Support 1.05...
Moderate | Unreviewed | CVE-2022-37406 was published Dec 7, 2022
Rapid Software LLC Rapid SCADA 5.8.4 is vulnerable to Cross Site Scripting (XSS).
Moderate | Unreviewed | CVE-2022-44153 was published Dec 7, 2022
Online Leave Management System v1.0 was discovered to contain a stored cross-site scripting (XSS)...
Moderate | Unreviewed | CVE-2022-45008 was published Dec 7, 2022
Auth. Stored Cross-Site Scripting (XSS) vulnerability in GD bbPress Attachments plugin <= 4.3.1...
Moderate | Unreviewed | CVE-2022-45816 was published Dec 7, 2022
AutoTaxi Stand Management System v1.0 was discovered to contain a cross-site scripting (XSS)...
Moderate | Unreviewed | CVE-2022-43369 was published Dec 6, 2022
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Contest Gallery plugin <= 13.1.0.9 on...
Moderate | Unreviewed | CVE-2022-45848 was published Dec 6, 2022
** DISPUTED ** Telegram Web 15.3.1 allows XSS via a certain payload derived from a Target...
Moderate | Unreviewed | CVE-2022-43363 was published Dec 6, 2022
Improper neutralization of input during web page generation [CWE-79] in FortiSOAR 7.0.0 through 7...
Moderate | Unreviewed | CVE-2022-38379 was published Dec 6, 2022
ProTip! Advisories are also available from the GraphQL API.