Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

28,059 advisories

Loading
SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting ... Moderate Unreviewed
CVE-2022-40028 was published Sep 22, 2022
The Web Server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily... Critical Unreviewed
CVE-2022-30578 was published Sep 22, 2022
The Web Server component of TIBCO Software Inc.'s TIBCO EBX contains an easily exploitable... Critical Unreviewed
CVE-2022-30577 was published Sep 22, 2022
SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting ... Moderate Unreviewed
CVE-2022-40027 was published Sep 22, 2022
Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in WHA... Moderate Unreviewed
CVE-2022-36383 was published Sep 22, 2022
Authenticated (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Totalsoft Event... Moderate Unreviewed
CVE-2022-36390 was published Sep 22, 2022
Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in WHA... Moderate Unreviewed
CVE-2022-36365 was published Sep 22, 2022
Awesome Support vulnerable to persistent cross-site scripting Moderate
CVE-2022-38073 was published for awesome-support/awesome-support (Composer) Sep 22, 2022
@netlify/ipx vulnerable to Full Response SSRF and Stored XSS via Cache Poisoning and Improper Host Validation Moderate
CVE-2022-39239 was published for @netlify/ipx (npm) Sep 21, 2022
YetiForce CRM vulnerable to stored Cross-site Scripting via WorkFlow module Moderate
CVE-2022-3004 was published for yetiforce/yetiforce-crm (Composer) Sep 21, 2022
YetiForce CRM vulnerable to stored Cross-site Scripting via WidgetsManagement module Moderate
CVE-2022-2924 was published for yetiforce/yetiforce-crm (Composer) Sep 21, 2022
Microweber Cross-site Scripting can result in redirection to a malicious site Moderate
CVE-2022-3242 was published for microweber/microweber (Composer) Sep 21, 2022
YetiForce CRM vulnerable to stored Cross-site Scripting via SlaPolicy module Moderate
CVE-2022-3005 was published for yetiforce/yetiforce-crm (Composer) Sep 21, 2022
YetiForce CRM vulnerable to stored Cross-site Scripting via LayoutEditor module Moderate
CVE-2022-3000 was published for yetiforce/yetiforce-crm (Composer) Sep 21, 2022
Microweber vulnerable to HTML Injection in create tag functionality Moderate
CVE-2022-3245 was published for microweber/microweber (Composer) Sep 21, 2022
Cross site scripting in Cloudreve Moderate
CVE-2022-32167 was published for github.com/HFO4/cloudreve (Go) Sep 21, 2022
renbaoshuo
SFTPGo WebClient vulnerable to Cross-site Scripting Moderate
CVE-2022-39220 was published for github.com/drakkan/sftpgo (Go) Sep 20, 2022
A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13... Moderate Unreviewed
CVE-2022-40778 was published Sep 20, 2022
The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not sanitise and escape... Moderate Unreviewed
CVE-2022-2753 was published Sep 20, 2022
The Scroll To Top WordPress plugin before 1.4.1 does not escape some of its settings, which could... Moderate Unreviewed
CVE-2022-2710 was published Sep 20, 2022
The Float to Top Button WordPress plugin through 2.3.6 does not escape some of its settings,... Moderate Unreviewed
CVE-2022-2709 was published Sep 20, 2022
The Slickr Flickr WordPress plugin through 2.8.1 does not sanitise and escape its settings,... Moderate Unreviewed
CVE-2022-3021 was published Sep 20, 2022
The Gettext override translations WordPress plugin before 2.0.0 does not sanitise and escape some... Moderate Unreviewed
CVE-2022-3036 was published Sep 20, 2022
The Form Builder CP WordPress plugin before 1.2.32 does not sanitise and escape some of its form... Moderate Unreviewed
CVE-2022-2567 was published Sep 20, 2022
An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /oms1350/*... Moderate Unreviewed
CVE-2022-40714 was published Sep 20, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database