GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
168 advisories
Filter by severity
Potential XSS vulnerability in jQuery
Moderate
CVE-2020-11022
was published
for
jquery
(RubyGems)
Apr 29, 2020
Loofah Allows Cross-site Scripting
Moderate
CVE-2019-15587
was published
for
loofah
(RubyGems)
Nov 5, 2019
Haml vulnerable to cross-site scripting
Moderate
CVE-2017-1002201
was published
for
haml
(RubyGems)
Oct 21, 2019
Cross-site scripting in padrino-contrib
Moderate
CVE-2019-16145
was published
for
padrino-contrib
(RubyGems)
Sep 23, 2019
Cross-site scripting in fat_free_crm
Moderate
CVE-2018-20975
was published
for
fat_free_crm
(RubyGems)
Aug 21, 2019
Cross-site Scripting in Chartkick
Moderate
CVE-2019-12732
was published
for
chartkick
(RubyGems)
Jun 7, 2019
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
Moderate
CVE-2019-11358
was published
for
django
(RubyGems)
Apr 26, 2019
Bootstrap Vulnerable to Cross-Site Scripting
Moderate
CVE-2019-8331
was published
for
Bootstrap.Less
(RubyGems)
Feb 22, 2019
bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-20677
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
XSS vulnerability that affects bootstrap
Moderate
CVE-2018-20676
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2016-10735
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
Cross Site Scripting (XSS) vulnerability in easymon
Moderate
CVE-2018-1000855
was published
for
easymon
(RubyGems)
Dec 21, 2018
Fat Free CRM vulnerable to Cross-site Scripting
Moderate
CVE-2018-1000842
was published
for
fat_free_crm
(RubyGems)
Dec 20, 2018
Rack vulnerable to Cross-site Scripting
Moderate
CVE-2018-16471
was published
for
rack
(RubyGems)
Nov 15, 2018
Content Injection via TileJSON Name in mapbox.js
Moderate
CVE-2017-1000043
was published
for
mapbox-rails
(RubyGems)
Nov 9, 2018
Content Injection via TileJSON attribute in mapbox.js
Moderate
CVE-2017-1000042
was published
for
mapbox-rails
(RubyGems)
Nov 9, 2018
Loofah Cross-site Scripting vulnerability
Moderate
CVE-2018-16468
was published
for
loofah
(RubyGems)
Nov 1, 2018
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14042
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14041
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
ember-source vulnerable to Cross-site Scripting
Moderate
CVE-2015-1866
was published
for
ember-source
(RubyGems)
Aug 28, 2018
ember-source Cross-site Scripting vulnerability
Low
CVE-2014-0046
was published
for
ember-source
(RubyGems)
Aug 28, 2018
ember-source Cross-site Scripting vulnerability
Moderate
CVE-2015-7565
was published
for
ember-source
(RubyGems)
Aug 28, 2018
grape subject to Cross-site Scripting
Moderate
CVE-2018-3769
was published
for
grape
(RubyGems)
Aug 13, 2018
radiant vulnerable to Cross-site Scripting
Moderate
CVE-2018-7261
was published
for
radiant
(RubyGems)
Jul 27, 2018
Sinatra Cross-site Scripting vulnerability
Moderate
CVE-2018-11627
was published
for
sinatra
(RubyGems)
Jun 5, 2018
ProTip!
Advisories are also available from the
GraphQL API