GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
72 advisories

XSS/Script injection vulnerability in matestack
High | CVE-2020-5241 was published for matestack-ui-core (RubyGems) | Feb 12, 2020

Cross site scripting vulnerability in ActionView
Moderate | CVE-2020-5267 was published for actionview (RubyGems) | Mar 19, 2020

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in @nextcloud/dialogs
Moderate | CVE-2021-29438 was published for @nextcloud/dialogs (npm) | Apr 16, 2021

Stored cross-site scripting in Grid component in Vaadin 7 and 8
Moderate | CVE-2019-25028 was published for com.vaadin:vaadin-bom (Maven) | Apr 19, 2021

Cross-site scripting (XSS) from field and configuration text displayed in the Panel
High | CVE-2021-32735 was published for getkirby/cms (Composer) | Jul 2, 2021

Special Element Injection in notebook
High | CVE-2021-32798 was published for notebook (pip) | Aug 23, 2021

Cross-site scripting (XSS) from image block content in the site frontend
Moderate | CVE-2021-41258 was published for getkirby/cms (Composer) | Nov 16, 2021

jquery.terminal self XSS on user input
Low | CVE-2021-43862 was published for jquery.terminal (npm) | Jan 6, 2022

Improper sanitize of SVG files during content upload ('Cross-site Scripting') in sylius/sylius
Moderate | CVE-2022-24749 was published for Sylius/Sylius (Composer) | Mar 14, 2022

Apache Tomcat allows webmasters to insert xss into error messages
Moderate | CVE-2001-0829 was published for org.apache.tomcat:tomcat (Maven) | Apr 30, 2022

Jetty Javascript Inclusion Vulnerability
Moderate | CVE-2002-1533 was published for org.mortbay.jetty:jetty (Maven) | Apr 30, 2022

Apache Struts Cross-site scripting Vulnerability
Moderate | CVE-2005-3745 was published for org.apache.struts:struts-core (Maven) | May 1, 2022

Apache Tomcat XSS Vulnerability
Moderate | CVE-2006-7195 was published for org.apache.tomcat:tomcat (Maven) | May 1, 2022

Apache Tomcat SendMailServlet XSS
Moderate | CVE-2007-3383 was published for org.apache.tomcat:tomcat (Maven) | May 1, 2022

Apache Tomcat's CookieExample Vulnerable to XSS
Moderate | CVE-2007-3384 was published for org.apache.tomcat:tomcat (Maven) | May 1, 2022

Cross-site Scripting in the Flamingo theme manager
High | CVE-2022-29251 was published for org.xwiki.platform:xwiki-platform-flamingo-theme-ui (Maven) | May 25, 2022

Cross-site Scripting vulnerability in repository issue list in Gogs
Moderate | CVE-2022-31038 was published for gogs.io/gogs (Go) | Jun 8, 2022

Cross Site Scripting vulnerability in django-jsonform's admin form.
High | GHSA-x9jp-4w8m-4f3c was published for django-jsonform (pip) | Jun 10, 2022

HTML Injection in ActiveMQ Artemis Web Console
Moderate | CVE-2022-35278 was published for org.apache.activemq:artemis-server (Maven) | Aug 24, 2022

XWiki Platform Web Parent POM vulnerable to XSS in the attachment history
High | CVE-2022-36094 was published for org.xwiki.platform:xwiki-platform-web (Maven) | Sep 16, 2022

XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form
High | CVE-2022-36097 was published for org.xwiki.platform:xwiki-platform-attachment-ui (Maven) | Sep 16, 2022

XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list
High | CVE-2022-36096 was published for org.xwiki.platform:xwiki-platform-index-ui (Maven) | Sep 16, 2022

ProTip! Advisories are also available from the GraphQL API.