GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,963
Erlang: 39
GitHub Actions: 38
Go: 2,615
Maven: 5,000+
npm: 4,255
NuGet: 760
pip: 4,036
Pub: 12
RubyGems: 953
Rust: 1,049
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
2,517 advisories
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
High, Unreviewed, CVE-2023-28309 was published Apr 11, 2023

Cross Site Scripting vulnerability found in Ehuacui BBS allows attackers to cause a denial of...
High, Unreviewed, CVE-2023-27089 was published Apr 4, 2023

Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web...
High, Unreviewed, CVE-2022-4862 was published Mar 6, 2023

A vulnerability classified as problematic was found in SourceCodester Online Eyewear Shop 1.0....
High, Unreviewed, CVE-2023-0966 was published Feb 22, 2023

Azure DevOps Server Cross-Site Scripting Vulnerability
High, Unreviewed, CVE-2023-21564 was published Feb 14, 2023

An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1...
High, Unreviewed, CVE-2022-4092 was published Jan 26, 2023

IMPatienT before 1.5.2 allows stored XSS via onmouseover in certain text fields within a PATCH ...
High, Unreviewed, CVE-2023-23637 was published Jan 17, 2023

If a Thunderbird user replied to a crafted HTML email containing a meta tag, with...
High, Unreviewed, CVE-2022-3033 was published Dec 22, 2022

The HTML escaping component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO...
High, Unreviewed, CVE-2022-41562 was published Dec 13, 2022

Rukovoditel v3.2.1 was discovered to contain a DOM-based cross-site scripting (XSS) vulnerability...
High, Unreviewed, CVE-2022-45020 was published Dec 6, 2022

A stored XSS vulnerability allows admin to super-admin privilege escalation in the Webadmin...
High, Unreviewed, CVE-2022-3709 was published Dec 1, 2022

Cross-site scripting in the Intel(R) EMA software before version 1.8.0 may allow a privileged...
High, Unreviewed, CVE-2022-30297 was published Nov 11, 2022

Multiple W&T Products of the ComServer Series are prone to an XSS attack. An authenticated remote...
High, Unreviewed, CVE-2022-42786 was published Nov 10, 2022

CandidATS version 3.0.0 allows an external attacker to steal the cookie of arbitrary users. This...
High, Unreviewed, CVE-2022-42750 was published Nov 3, 2022

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
High, Unreviewed, CVE-2022-22229 was published Oct 18, 2022

An issue in Incident Timelines has been discovered in GitLab CE/EE affecting all versions...
High, Unreviewed, CVE-2022-2527 was published Oct 17, 2022

A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6...
High, Unreviewed, CVE-2022-2428 was published Oct 17, 2022

A vulnerability has been identified in Desigo PXM30-1 (All versions < V02.20.126.11-41), Desigo...
High, Unreviewed, CVE-2022-40181 was published Oct 11, 2022

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo...
High, Unreviewed, CVE-2022-28816 was published Sep 29, 2022

An improper input validation vulnerability leading to arbitrary file execution was discovered in...
High, Unreviewed, CVE-2022-23766 was published Sep 20, 2022

Server-side JavaScript injection in Appsmith through 1.7.14 allows remote attackers to execute...
High, Unreviewed, CVE-2022-39824 was published Sep 6, 2022

The Simple Payment Donations & Subscriptions WordPress plugin before 4.2.1 does not sanitise and...
High, Unreviewed, CVE-2022-2565 was published Sep 6, 2022

The Download Manager WordPress plugin before 3.2.50 prioritizes getting a visitor's IP from...
High, Unreviewed, CVE-2022-2362 was published Aug 23, 2022

A vulnerability classified as problematic was found in Calendar Event Multi View Plugin. This...
High, Unreviewed, CVE-2022-2846 was published Aug 17, 2022

The Unyson WordPress plugin before 2.7.27 does not sanitise and escape a parameter before...
High, Unreviewed, CVE-2022-2219 was published Jul 26, 2022
ProTip! Advisories are also available from the GraphQL API.