GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
  All reviewed: 5,000+
  Composer: 4,963
  Erlang: 39
  GitHub Actions: 38
  Go: 2,614
  Maven: 5,000+
  npm: 4,254
  NuGet: 760
  pip: 4,031
  Pub: 12
  RubyGems: 953
  Rust: 1,049
  Swift: 45

Unreviewed advisories
  All unreviewed: 5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

2,515 advisories
                    
textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A...
High | Unreviewed | CVE-2021-44082 was published Mar 31, 2022

Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin...
High | Unreviewed | CVE-2022-1347 was published Apr 14, 2022

A remote attacker with write access to PI ProcessBook files could inject code that is imported...
High | Unreviewed | CVE-2020-25163 was published Apr 19, 2022

The Brizy Page Builder plugin <= 2.3.11 for WordPress allowed authenticated users to upload...
High | Unreviewed | CVE-2021-38346 was published May 24, 2022

The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that...
High | Unreviewed | CVE-2021-38345 was published May 24, 2022

Multiple W&T Products of the ComServer Series are prone to an XSS attack. An authenticated remote...
High | Unreviewed | CVE-2022-42786 was published Nov 10, 2022

The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2...
High | Unreviewed | CVE-2021-24728 was published May 24, 2022

Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary...
High | Unreviewed | CVE-2019-9164 was published May 13, 2022

A non-privileged user of the Siemens web application RUGGEDCOM NMS < V1.2 on port 8080/TCP and...
High | Unreviewed | CVE-2017-2683 was published May 17, 2022

The Unyson WordPress plugin before 2.7.27 does not sanitise and escape a parameter before...
High | Unreviewed | CVE-2022-2219 was published Jul 26, 2022

An issue was discovered in Kabona AB WebDatorCentral (WDC) application prior to Version 3.4.0....
High | Unreviewed | CVE-2016-8356 was published May 17, 2022

Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 allows remote authenticated...
High | Unreviewed | CVE-2016-6641 was published May 17, 2022

Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views. A...
High | Unreviewed | CVE-2020-11749 was published May 24, 2022

Cross-site scripting in the Intel(R) EMA software before version 1.8.0 may allow a privileged...
High | Unreviewed | CVE-2022-30297 was published Nov 11, 2022

app/operator_panel/exec.php in the Operator Panel module in FreePBX 4.4.3 suffers from a command...
High | Unreviewed | CVE-2019-11409 was published May 24, 2022

The web interface of the D-Link DVA-5592 20180823 is vulnerable to an authentication bypass that...
High | Unreviewed | CVE-2019-6969 was published May 24, 2022

The Blue Admin WordPress plugin through 21.06.01 does not sanitise or escape its "Logo Title"...
High | Unreviewed | CVE-2021-24581 was published May 24, 2022

In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, undisclosed TMUI page...
High | Unreviewed | CVE-2020-5945 was published May 24, 2022

Insufficient Cross-Site Scripting (XSS) protection in Juniper Networks J-Web and web based (HTTP...
High | Unreviewed | CVE-2020-1673 was published May 24, 2022

Certain NETGEAR devices are affected by Stored XSS. This affects D7800 before 1.0.1.56, R7500v2...
High | Unreviewed | CVE-2020-35839 was published May 24, 2022

Stored Cross-Site Scripting (XSS) vulnerabilities in the Team Showcase plugin before 1.22.16 for...
High | Unreviewed | CVE-2020-35937 was published May 24, 2022

The package s-cart/core before 4.4 are vulnerable to Cross-site Scripting (XSS) via the admin panel.
High | Unreviewed | CVE-2020-28456 was published May 24, 2022

This affects the package s-cart/core before 4.4. The search functionality of the admin dashboard...
High | Unreviewed | CVE-2020-28457 was published May 24, 2022

In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can...
High | Unreviewed | CVE-2020-35475 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API.