GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
2,665 advisories
Filter by severity
Cross-site Scripting in yapi-vendor
Moderate
CVE-2018-17574
was published
for
yapi-vendor
(npm)
Nov 21, 2018
Reflected XSS on clients-registrations endpoint
Moderate
GHSA-m98g-63qj-fp8j
was published
for
org.keycloak:keycloak-parent
(Maven)
Apr 28, 2022
Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles
Moderate
CVE-2022-2256
was published
for
org.keycloak:keycloak-parent
(Maven)
Sep 23, 2022
apollo-server-core vulnerable to URL-based XSS attack affecting IE11 on default landing page
Moderate
GHSA-2fvv-qxrq-7jq6
was published
for
apollo-server-core
(npm)
Aug 18, 2022
Read the Docs vulnerable to Cross-Site Scripting (XSS)
Moderate
GHSA-98pf-gfh3-x3mp
was published
for
readthedocs
(npm)
Nov 10, 2022
Cross-Site Scripting in simditor
Moderate
CVE-2018-19048
was published
for
simditor
(npm)
May 14, 2019
Cross-Site Scripting in JSPWiki
Moderate
CVE-2019-10076
was published
for
org.apache.jspwiki:jspwiki-main
(Maven)
Jun 6, 2019
Cross-Site Scripting in bootbox
Moderate
GHSA-87mg-h5r3-hw88
was published
for
bootbox
(npm)
May 30, 2019
Reflected Cross-Site Scripting in jquery.terminal
Moderate
GHSA-2hwp-g4g7-mwwj
was published
for
jquery.terminal
(npm)
May 29, 2019
Cross-Site Scripting via JSONP
Moderate
GHSA-28hp-fgcr-2r4h
was published
for
angular
(npm)
Jun 27, 2019
Cross-Site Scripting in @nuxt/devalue
Moderate
CVE-2019-13506
was published
for
@nuxt/devalue
(npm)
Jul 16, 2019
Cross-Site Scripting in cyberchef
Moderate
CVE-2019-15532
was published
for
cyberchef
(npm)
Aug 27, 2019
Cross-Site Scripting in status-board
Moderate
CVE-2019-15478
was published
for
status-board
(npm)
Sep 23, 2019
XSS in login form
Moderate
CVE-2019-13235
was published
for
org.opencms:opencms-core
(Maven)
Nov 12, 2019
Cross-Site Scripting in iobroker.web
Moderate
CVE-2019-10771
was published
for
iobroker.web
(npm)
Dec 2, 2019
Cross-Site Scripting in selectize-plugin-a11y
Moderate
CVE-2019-15482
was published
for
selectize-plugin-a11y
(npm)
Aug 27, 2019
Stored Cross-Site Scripting vulnerability in admin component of DotNetNuke
Moderate
CVE-2019-12562
was published
for
DotNetNuke.Core
(NuGet)
Nov 18, 2019
XSS in search engine
Moderate
CVE-2019-13234
was published
for
org.opencms:opencms-core
(Maven)
Nov 12, 2019
Stored XSS in Apache Atlas
Moderate
CVE-2019-10070
was published
for
org.apache.atlas:apache-atlas
(Maven)
Jan 8, 2020
XSS issues in the management interface
Moderate
CVE-2019-13236
was published
for
org.opencms:opencms-core
(Maven)
Nov 12, 2019
Persistent XSS vulnerability in filename of attached file in PrivateBin
Moderate
CVE-2020-5223
was published
for
privatebin/privatebin
(Composer)
Jan 14, 2020
XSS in dojox due to insufficient escape in dojox.xmpp.util.xmlEncode
Moderate
CVE-2019-10785
was published
for
dojox
(npm)
Feb 13, 2020
ProTip!
Advisories are also available from the
GraphQL API