GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,274
Erlang: 31
GitHub Actions: 21
Go: 2,056
Maven: 5,000+
npm: 3,740
NuGet: 668
pip: 3,419
Pub: 12
RubyGems: 891
Rust: 872
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,129 advisories
textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A...
High
Unreviewed
CVE-2021-44082 was published Mar 31, 2022
Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin...
High
Unreviewed
CVE-2022-1347 was published Apr 14, 2022
A remote attacker with write access to PI ProcessBook files could inject code that is imported...
High
Unreviewed
CVE-2020-25163 was published Apr 19, 2022
The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that...
High
Unreviewed
CVE-2021-38345 was published May 24, 2022
The Brizy Page Builder plugin <= 2.3.11 for WordPress allowed authenticated users to upload...
High
Unreviewed
CVE-2021-38346 was published May 24, 2022
Multiple W&T Products of the ComServer Series are prone to an XSS attack. An authenticated remote...
High
Unreviewed
CVE-2022-42786 was published Nov 10, 2022
The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2...
High
Unreviewed
CVE-2021-24728 was published May 24, 2022
Command injection in Nagios XI before 5.5.11 allows authenticated users to execute arbitrary...
High
Unreviewed
CVE-2019-9164 was published May 13, 2022
A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and...
High
Unreviewed
CVE-2017-2683 was published May 17, 2022
Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS
High
Unreviewed
CVE-2016-1000116 was published May 17, 2022
The Unyson WordPress plugin before 2.7.27 does not sanitise and escape a parameter before...
High
Unreviewed
CVE-2022-2219 was published Jul 26, 2022
An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0....
High
Unreviewed
CVE-2016-8356 was published May 17, 2022
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote authenticated...
High
Unreviewed
CVE-2016-6641 was published May 17, 2022
Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views. A...
High
Unreviewed
CVE-2020-11749 was published May 24, 2022
Cross-site scripting in the Intel(R) EMA software before version 1.8.0 may allow a privileged...
High
Unreviewed
CVE-2022-30297 was published Nov 11, 2022
app/operator_panel/exec.php in the Operator Panel module in FreePBX 4.4.3 suffers from a command...
High
Unreviewed
CVE-2019-11409 was published May 24, 2022
The web interface of the D-Link DVA-5592 20180823 is vulnerable to an authentication bypass that...
High
Unreviewed
CVE-2019-6969 was published May 24, 2022
The Blue Admin WordPress plugin through 21.06.01 does not sanitise or escape its "Logo Title"...
High
Unreviewed
CVE-2021-24581 was published May 24, 2022
In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, undisclosed TMUI page...
High
Unreviewed
CVE-2020-5945 was published May 24, 2022
Insufficient Cross-Site Scripting (XSS) protection in Juniper Networks J-Web and web based (HTTP...
High
Unreviewed
CVE-2020-1673 was published May 24, 2022
Certain NETGEAR devices are affected by Stored XSS. This affects D7800 before 1.0.1.56, R7500v2...
High
Unreviewed
CVE-2020-35839 was published May 24, 2022
Stored Cross-Site Scripting (XSS) vulnerabilities in the Team Showcase plugin before 1.22.16 for...
High
Unreviewed
CVE-2020-35937 was published May 24, 2022
This affects the package s-cart/core before 4.4. The search functionality of the admin dashboard...
High
Unreviewed
CVE-2020-28457 was published May 24, 2022
The package s-cart/core before 4.4 is vulnerable to Cross-site Scripting (XSS) via the admin panel.
High
Unreviewed
CVE-2020-28456 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.