GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

385 advisories

django-photologue vulnerable to Cross-site Scripting Moderate
CVE-2022-4526 was published for django-photologue (pip) Dec 15, 2022
collective.dms.basecontent Cross-site Scripting vulnerability Moderate
CVE-2022-4495 was published for collective.dms.basecontent (pip) Dec 14, 2022
pyRdfa3 Cross-site Scripting vulnerability Moderate
CVE-2022-4396 was published for pyRdfa3 (pip) Dec 10, 2022
XBlock vulnerable to Cross-Site Scripting (XSS) High
CVE-2022-46147 was published for xblock-drag-and-drop-v2 (pip) Dec 2, 2022
Cross-site Scripting in kiwitcms Moderate
CVE-2022-4105 was published for kiwitcms (pip) Nov 21, 2022
Cross Site Scripting vulnerability in wsgidav when directory browsing is enabled High
CVE-2022-41905 was published for wsgidav (pip) Nov 16, 2022
Credited to brunnjf
Apache Airflow Cross-site Scripting vulnerability Moderate
CVE-2022-43982 was published for apache-airflow (pip) Nov 2, 2022
Twisted vulnerable to NameVirtualHost Host header injection Moderate
CVE-2022-39348 was published for twisted (pip) Oct 26, 2022
Credited to westonsteimel
Inventree vulnerable to Stored Cross-site Scripting Moderate
CVE-2022-3355 was published for inventree (pip) Sep 30, 2022
Deluge Web-UI vulnerable to XSS through a crafted torrent file Moderate
CVE-2021-3427 was published for deluge (pip) Aug 27, 2022
nbconvert vulnerable to cross-site scripting (XSS) via multiple exploit paths Moderate
CVE-2021-32862 was published for nbconvert (pip) Aug 10, 2022
Credited to pwntester
Fava vulnerable to reflected cross-site scripting Moderate
CVE-2022-2589 was published for fava (pip) Aug 2, 2022
Fava time and filter parameters vulnerable to reflected Cross-site Scripting Moderate
CVE-2022-2514 was published for fava (pip) Jul 26, 2022
Fava vulnerable to Reflected Cross-site Scripting Moderate
CVE-2022-2523 was published for fava (pip) Jul 26, 2022
Django REST framework XSS Vulnerability Moderate
CVE-2018-25045 was published for django-rest-framework (pip) Jul 24, 2022
Whoogle Search Cross-site Scripting via string parameter Moderate
CVE-2022-25303 was published for whoogle-search (pip) Jul 15, 2022
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pycares Moderate
GHSA-c58j-88f5-h53f was published for pycares (pip) Jul 5, 2022
XSS Vulnerability in Markdown Editor High
GHSA-85q9-7467-r53q was published for inventree (pip) Jun 17, 2022
Credited to Gaurav-G2
Cross Site Scripting vulnerability in django-jsonform's admin form. High
GHSA-x9jp-4w8m-4f3c was published for django-jsonform (pip) Jun 10, 2022
Apache Superset Stored XSS on Dashboard markdown Moderate
CVE-2021-27907 was published for apache-superset (pip) May 24, 2022
Plone XSS Vulnerability Moderate
CVE-2021-29002 was published for plone (pip) May 24, 2022
Apache Superset Cross-site Scripting (XSS) vulnerability on the Explore page Moderate
CVE-2021-32609 was published for apache-superset (pip) May 24, 2022
Mezzanine Cross Site Scripting (XSS) vulnerability Moderate
CVE-2020-19002 was published for Mezzanine (pip) May 24, 2022
Lin-CMS-Flask Cross Site Scripting (XSS) vulnerability Moderate
CVE-2020-18699 was published for lin-cms (pip) May 24, 2022
Plone has stored XSS in folder contents Moderate
CVE-2021-35959 was published for plone (pip) May 24, 2022