GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,096
Erlang: 29
GitHub Actions: 19
Go: 1,925
Maven: 5,000+
npm: 3,654
NuGet: 638
pip: 3,263
Pub: 10
RubyGems: 873
Rust: 823
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
28,059 advisories
SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting ...
Moderate, Unreviewed. CVE-2022-40028 was published on Sep 22, 2022.

The Web Server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily...
Critical, Unreviewed. CVE-2022-30578 was published on Sep 22, 2022.

The Web Server component of TIBCO Software Inc.'s TIBCO EBX contains an easily exploitable...
Critical, Unreviewed. CVE-2022-30577 was published on Sep 22, 2022.

SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting ...
Moderate, Unreviewed. CVE-2022-40027 was published on Sep 22, 2022.

Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in WHA...
Moderate, Unreviewed. CVE-2022-36383 was published on Sep 22, 2022.

Authenticated (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Totalsoft Event...
Moderate, Unreviewed. CVE-2022-36390 was published on Sep 22, 2022.

Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in WHA...
Moderate, Unreviewed. CVE-2022-36365 was published on Sep 22, 2022.

Awesome Support vulnerable to persistent cross-site scripting
Moderate. CVE-2022-38073 was published for awesome-support/awesome-support (Composer) on Sep 22, 2022.

@netlify/ipx vulnerable to Full Response SSRF and Stored XSS via Cache Poisoning and Improper Host Validation
Moderate. CVE-2022-39239 was published for @netlify/ipx (npm) on Sep 21, 2022.

YetiForce CRM vulnerable to stored Cross-site Scripting via WorkFlow module
Moderate. CVE-2022-3004 was published for yetiforce/yetiforce-crm (Composer) on Sep 21, 2022.

YetiForce CRM vulnerable to stored Cross-site Scripting via WidgetsManagement module
Moderate. CVE-2022-2924 was published for yetiforce/yetiforce-crm (Composer) on Sep 21, 2022.

Microweber Cross-site Scripting can result in redirection to a malicious site
Moderate. CVE-2022-3242 was published for microweber/microweber (Composer) on Sep 21, 2022.

YetiForce CRM vulnerable to stored Cross-site Scripting via SlaPolicy module
Moderate. CVE-2022-3005 was published for yetiforce/yetiforce-crm (Composer) on Sep 21, 2022.

YetiForce CRM vulnerable to stored Cross-site Scripting via LayoutEditor module
Moderate. CVE-2022-3000 was published for yetiforce/yetiforce-crm (Composer) on Sep 21, 2022.

Microweber vulnerable to HTML Injection in create tag functionality
Moderate. CVE-2022-3245 was published for microweber/microweber (Composer) on Sep 21, 2022.

Cross site scripting in Cloudreve
Moderate. CVE-2022-32167 was published for github.com/HFO4/cloudreve (Go) on Sep 21, 2022.

SFTPGo WebClient vulnerable to Cross-site Scripting
Moderate. CVE-2022-39220 was published for github.com/drakkan/sftpgo (Go) on Sep 20, 2022.

A stored Cross-Site Scripting (XSS) vulnerability in OPSWAT MetaDefender ICAP Server before 4.13...
Moderate, Unreviewed. CVE-2022-40778 was published on Sep 20, 2022.

The Ketchup Restaurant Reservations WordPress plugin through 1.0.0 does not sanitise and escape...
Moderate, Unreviewed. CVE-2022-2753 was published on Sep 20, 2022.

The Scroll To Top WordPress plugin before 1.4.1 does not escape some of its settings, which could...
Moderate, Unreviewed. CVE-2022-2710 was published on Sep 20, 2022.

The Float to Top Button WordPress plugin through 2.3.6 does not escape some of its settings,...
Moderate, Unreviewed. CVE-2022-2709 was published on Sep 20, 2022.

The Slickr Flickr WordPress plugin through 2.8.1 does not sanitise and escape its settings,...
Moderate, Unreviewed. CVE-2022-3021 was published on Sep 20, 2022.

The Gettext override translations WordPress plugin before 2.0.0 does not sanitise and escape some...
Moderate, Unreviewed. CVE-2022-3036 was published on Sep 20, 2022.

The Form Builder CP WordPress plugin before 1.2.32 does not sanitise and escape some of its form...
Moderate, Unreviewed. CVE-2022-2567 was published on Sep 20, 2022.

An issue was discovered in NOKIA 1350OMS R14.2. Reflected XSS exists under different /oms1350/*...
Moderate, Unreviewed. CVE-2022-40714 was published on Sep 20, 2022.