GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,963
Erlang: 39
GitHub Actions: 38
Go: 2,614
Maven: 5,000+
npm: 4,254
NuGet: 760
pip: 4,032
Pub: 12
RubyGems: 953
Rust: 1,049
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
                    
                  
314 advisories
        
      
      
    
                    
Moderate severity vulnerability that affects Zope2
Moderate
CVE-2010-1104 was published for Zope2 (pip) Jul 23, 2018

Cross-site Scripting and Open Redirect in Products.CMFPlone
Moderate
GHSA-8w54-22w9-3g8f was published for Products.CMFPlone (pip) Jan 28, 2022

Cross-site Scripting and Open Redirect in plone.app.contenttypes
Moderate
GHSA-f7qw-5fgj-247x was published for plone.app.contenttypes (pip) Feb 1, 2022

SVG with embedded scripts can lead to cross-site scripting attacks in xml2rfc
Moderate
GHSA-cf4q-4cqr-7g7w was published for xml2rfc (pip) Apr 22, 2022

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pycares
Moderate
GHSA-c58j-88f5-h53f was published for pycares (pip) Jul 5, 2022

Apache Superset is vulnerable to Cross-Site Scripting (XSS)
Moderate
CVE-2022-43718 was published for apache-superset (pip) Jan 16, 2023

Apache Superset vulnerable to Cross-site Scripting
Moderate
CVE-2022-43717 was published for apache-superset (pip) Jan 16, 2023

Cross-site Scripting in FreeTAKServer-UI
Moderate
CVE-2022-25507 was published for FreeTAKServer-UI (pip) Mar 12, 2022

Multiple cross-site scripting (XSS) vulnerabilities in Roundup
Moderate
CVE-2012-6133 was published for roundup (pip) Apr 23, 2022

Cross-site scripting in Contentful
Moderate
CVE-2020-13258 was published for contentful (pip) Jun 18, 2021

Inventree vulnerable to Stored Cross-site Scripting
Moderate
CVE-2022-3355 was published for inventree (pip) Sep 30, 2022

Graphite Web Cross-site Scripting vulnerability
Moderate
CVE-2022-4728 was published for graphite-web (pip) Dec 27, 2022

Graphite Web Cross-site Scripting vulnerability
Moderate
CVE-2022-4729 was published for graphite-web (pip) Dec 27, 2022

Graphite Web Cross-site Scripting vulnerability
Moderate
CVE-2022-4730 was published for graphite-web (pip) Dec 27, 2022

Cross-site Scripting in Ericsson CodeChecker
Moderate
CVE-2021-44217 was published for codechecker (pip) Jan 21, 2022

Cross-site Scripting in kiwitcms
Moderate
CVE-2022-4105 was published for kiwitcms (pip) Nov 21, 2022

Cross-site Scripting in pyload-ng
Moderate
CVE-2023-0488 was published for pyload-ng (pip) Jan 27, 2023

OpenStack Swift Cross-site Scriping vulnerability
Moderate
CVE-2014-3497 was published for swift (pip) May 17, 2022

Whatsapp-Chat-Exporter has Cross-Site Scripting vulnerability in HTML output of chats.
Moderate
GHSA-8c6x-g4fw-8rf4 was published for Whatsapp-Chat-Exporter (pip) Jul 10, 2023

Django REST framework XSS Vulnerability
Moderate
CVE-2018-25045 was published for django-rest-framework (pip) Jul 24, 2022

Whoogle Search Cross-site Scripting via string parameter
Moderate
CVE-2022-25303 was published for whoogle-search (pip) Jul 15, 2022

Review Board Cross-site scripting (XSS) vulnerability in the reviews dropdown
Moderate
CVE-2013-2209 was published for reviewboard (pip) May 17, 2022

Apache Superset Stored XSS on Dashboard markdown
Moderate
CVE-2021-27907 was published for apache-superset (pip) May 24, 2022

Cross-site Scripting in Mistune
Moderate
CVE-2017-15612 was published for mistune (pip) May 17, 2022
                    
                  
        
ProTip! Advisories are also available from the GraphQL API.