GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
197 advisories
Filter by severity
A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC)...
Moderate
Unreviewed
CVE-2022-20740
was published
May 4, 2022
Apache Tomcat's CookieExample Vulnerable to XSS
Moderate
CVE-2007-3384
was published
for
org.apache.tomcat:tomcat
(Maven)
May 1, 2022
Apache Tomcat SendMailServlet XSS
Moderate
CVE-2007-3383
was published
for
org.apache.tomcat:tomcat
(Maven)
May 1, 2022
Apache Tomcat XSS Vulnerability
Moderate
CVE-2006-7195
was published
for
org.apache.tomcat:tomcat
(Maven)
May 1, 2022
Apache Struts Cross-site scripting Vulnerability
Moderate
CVE-2005-3745
was published
for
org.apache.struts:struts-core
(Maven)
May 1, 2022
Jetty Javascript Inclusion Vulnerability
Moderate
CVE-2002-1533
was published
for
org.mortbay.jetty:jetty
(Maven)
Apr 30, 2022
Apache Tomcat allows webmasters to insert xss into error messages
Moderate
CVE-2001-0829
was published
for
org.apache.tomcat:tomcat
(Maven)
Apr 30, 2022
An unprivileged user could use the functionality of the NS WooCommerce Watermark WordPress plugin...
High
Unreviewed
CVE-2022-0989
was published
Apr 12, 2022
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been...
Moderate
Unreviewed
CVE-2008-10001
was published
Mar 29, 2022
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS BlackICE PC Protection. It has...
Moderate
Unreviewed
CVE-2003-5003
was published
Mar 29, 2022
Improper sanitize of SVG files during content upload ('Cross-site Scripting') in sylius/sylius
Moderate
CVE-2022-24749
was published
for
Sylius/Sylius
(Composer)
Mar 14, 2022
jquery.terminal self XSS on user input
Low
CVE-2021-43862
was published
for
jquery.terminal
(npm)
Jan 6, 2022
Cross-site scripting (XSS) from image block content in the site frontend
Moderate
CVE-2021-41258
was published
for
getkirby/cms
(Composer)
Nov 16, 2021
Special Element Injection in notebook
High
CVE-2021-32798
was published
for
notebook
(pip)
Aug 23, 2021
Cross-site scripting (XSS) from field and configuration text displayed in the Panel
High
CVE-2021-32735
was published
for
getkirby/cms
(Composer)
Jul 2, 2021
Stored cross-site scripting in Grid component in Vaadin 7 and 8
Moderate
CVE-2019-25028
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 19, 2021
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in @nextcloud/dialogs
Moderate
CVE-2021-29438
was published
for
@nextcloud/dialogs
(npm)
Apr 16, 2021
Cross site scripting vulnerability in ActionView
Moderate
CVE-2020-5267
was published
for
actionview
(RubyGems)
Mar 19, 2020
XSS/Script injection vulnerability in matestack
High
CVE-2020-5241
was published
for
matestack-ui-core
(RubyGems)
Feb 12, 2020
ProTip!
Advisories are also available from the
GraphQL API