GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,035
Maven
5,000+
npm
3,732
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
41 advisories
Filter by severity
Cross site scripting vulnerability in ActionView
Moderate
CVE-2020-5267
was published
for
actionview
(RubyGems)
Mar 19, 2020
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in @nextcloud/dialogs
Moderate
CVE-2021-29438
was published
for
@nextcloud/dialogs
(npm)
Apr 16, 2021
Stored cross-site scripting in Grid component in Vaadin 7 and 8
Moderate
CVE-2019-25028
was published
for
com.vaadin:vaadin-bom
(Maven)
Apr 19, 2021
Cross-site scripting (XSS) from image block content in the site frontend
Moderate
CVE-2021-41258
was published
for
getkirby/cms
(Composer)
Nov 16, 2021
Improper sanitize of SVG files during content upload ('Cross-site Scripting') in sylius/sylius
Moderate
CVE-2022-24749
was published
for
Sylius/Sylius
(Composer)
Mar 14, 2022
Apache Tomcat allows webmasters to insert xss into error messages
Moderate
CVE-2001-0829
was published
for
org.apache.tomcat:tomcat
(Maven)
Apr 30, 2022
Jetty Javascript Inclusion Vulnerability
Moderate
CVE-2002-1533
was published
for
org.mortbay.jetty:jetty
(Maven)
Apr 30, 2022
Apache Struts Cross-site scripting Vulnerability
Moderate
CVE-2005-3745
was published
for
org.apache.struts:struts-core
(Maven)
May 1, 2022
Apache Tomcat XSS Vulnerability
Moderate
CVE-2006-7195
was published
for
org.apache.tomcat:tomcat
(Maven)
May 1, 2022
Apache Tomcat SendMailServlet XSS
Moderate
CVE-2007-3383
was published
for
org.apache.tomcat:tomcat
(Maven)
May 1, 2022
Apache Tomcat's CookieExample Vulnerable to XSS
Moderate
CVE-2007-3384
was published
for
org.apache.tomcat:tomcat
(Maven)
May 1, 2022
Cross-site Scripting vulnerability in repository issue list in Gogs
Moderate
CVE-2022-31038
was published
for
gogs.io/gogs
(Go)
Jun 8, 2022
HTML Injection in ActiveMQ Artemis Web Console
Moderate
CVE-2022-35278
was published
for
org.apache.activemq:artemis-server
(Maven)
Aug 24, 2022
Twisted vulnerable to NameVirtualHost Host header injection
Moderate
CVE-2022-39348
was published
for
twisted
(pip)
Oct 26, 2022
Stored Cross-Site Scripting (XSS) in Keycloak via groups dropdown
Moderate
GHSA-755v-r4x4-qf7m
was published
for
org.keycloak:keycloak-core
(Maven)
Nov 29, 2022
HTML Injection in Keycloak Admin REST API
Moderate
CVE-2022-1274
was published
for
org.keycloak:keycloak-services
(Maven)
Mar 1, 2023
teler-waf subject to Bypass of Common Web Attack Threat Rule with HTML Entities Payload
Moderate
CVE-2023-26046
was published
for
github.com/kitabisa/teler-waf
(Go)
Mar 1, 2023
Craft CMS stored XSS in review volume
Moderate
CVE-2023-33196
was published
for
craftcms/cms
(Composer)
May 26, 2023
Craft CMS stored XSS in indexedVolumes
Moderate
CVE-2023-33197
was published
for
craftcms/cms
(Composer)
May 26, 2023
go package pydio cells vulnerable to cross-site scripting
Moderate
CVE-2023-2981
was published
for
github.com/pydio/cells
(Go)
May 30, 2023
LeafKit allows XSS with untrusted user input
Moderate
CVE-2021-37634
was published
for
github.com/vapor/leaf-kit
(Swift)
Jun 9, 2023
matrix-react-sdk vulnerable to XSS in Export Chat feature
Moderate
CVE-2023-37259
was published
for
matrix-react-sdk
(npm)
Jul 18, 2023
ProTip!
Advisories are also available from the
GraphQL API