Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,968
Erlang
39
GitHub Actions
38
Go
2,616
Maven
5,000+
npm
4,255
NuGet
760
pip
4,040
Pub
12
RubyGems
953
Rust
1,050
Swift
45
Unreviewed advisories
All unreviewed
5,000+

496 advisories

Loading
Cross-Site Scripting in mustache High
CVE-2015-8862 was published for mustache (npm) Oct 24, 2017
Sanitize vulnerable to Improper Input Validation and Cross-site Scripting High
CVE-2018-3740 was published for sanitize (RubyGems) Mar 21, 2018
XSS in Data URI in remarkable High
CVE-2017-16006 was published for remarkable (npm) Nov 9, 2018
Cross-Site Scripting in buttle High
CVE-2019-5422 was published for buttle (npm) Apr 8, 2019
Cross-Site Scripting in bracket-template High
GHSA-jj6g-7j8p-7gf2 was published for bracket-template (npm) May 30, 2019
Cross-Site Scripting in react-svg High
GHSA-8xqr-4cpm-wx7g was published for react-svg (npm) May 31, 2019
Cross-Site Scripting (XSS) in cloudcmd High
GHSA-m8fw-534v-xm85 was published for cloudcmd (npm) Jun 4, 2019
Cross-Site Scripting in ids-enterprise High
GHSA-crfx-5phg-hmw9 was published for ids-enterprise (npm) Jun 13, 2019
Cross-Site Scripting in ids-enterprise High
GHSA-hpfq-8wx8-cgqw was published for ids-enterprise (npm) Jun 13, 2019
Cross-Site Scripting in ids-enterprise High
GHSA-49r3-3h96-rwj6 was published for ids-enterprise (npm) Jun 13, 2019
Arbitrary File Read in html-pdf High
CVE-2019-15138 was published for html-pdf (npm) Oct 11, 2019
Cross-Site Scripting in vant High
GHSA-9xr8-8hmc-389f was published for vant (npm) Nov 22, 2019
XSS in enshrined/svg-sanitize due to mishandled script and data values in attributes High
CVE-2019-18857 was published for enshrined/svg-sanitize (Composer) Jan 8, 2020
ohader
Credited to ohader
RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application High
CVE-2020-5398 was published for org.springframework:spring-webflux (Maven) Jan 21, 2020
briandealwis sunSUNQ
Credited to briandealwis and sunSUNQ
Cross-site scripting vulnerability in TinyMCE High
CVE-2020-17480 was published for tinymce (npm) Jan 30, 2020
Cross-Site Scripting in fileview High
CVE-2019-15602 was published for fileview (npm) Apr 1, 2020
Cross-Site Scripting in seeftl High
CVE-2019-15603 was published for seeftl (npm) Apr 1, 2020
Reflected XSS in GraphQL Playground High
CVE-2020-4038 was published for graphql-playground-html (npm) Jun 9, 2020
The filename of uploaded files vulnerable to stored XSS High
CVE-2020-4041 was published for bolt/bolt (Composer) Jun 9, 2020
staz0t
Credited to staz0t
Cross-site Scripting in Sanitize High
CVE-2020-4054 was published for sanitize (RubyGems) Jun 16, 2020
Stored XSS in TimelineJS3 High
CVE-2020-15092 was published for @knight-lab/timelinejs (npm) Jul 9, 2020
captainGeech42 JoeGermuska
Credited to captainGeech42 and JoeGermuska
Cross-Site Scripting in Wagtail High
CVE-2020-15118 was published for wagtail (pip) Jul 20, 2020
acarasimon96
Credited to acarasimon96
Cross-Site Scripting in Prism High
CVE-2020-15138 was published for prismjs (npm) Aug 7, 2020
masatokinugawa
Credited to masatokinugawa
Cross-Site Scripting in @progress/kendo-angular-editor High
GHSA-j7wp-vjj6-cp5m was published for @progress/kendo-angular-editor (npm) Aug 11, 2020
Cross-Site Scripting in highcharts High
GHSA-gr4j-r575-g665 was published for highcharts (npm) Aug 25, 2020
Windforce17
Credited to Windforce17
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database