GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
28,057 advisories
Filter by severity
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site...
Moderate
Unreviewed
CVE-2022-30682
was published
Sep 17, 2022
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site...
Moderate
Unreviewed
CVE-2022-34218
was published
Sep 17, 2022
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site...
Moderate
Unreviewed
CVE-2022-30685
was published
Sep 17, 2022
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site...
Moderate
Unreviewed
CVE-2022-35664
was published
Sep 17, 2022
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site...
Moderate
Unreviewed
CVE-2022-30684
was published
Sep 17, 2022
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site...
Moderate
Unreviewed
CVE-2022-30686
was published
Sep 17, 2022
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site...
Moderate
Unreviewed
CVE-2022-30680
was published
Sep 17, 2022
Craft CMS vulnerable to Cross-site Scripting via entry revisions and drafts
Moderate
CVE-2022-37251
was published
for
craftcms/cms
(Composer)
Sep 17, 2022
TestLink v1.9.20 was discovered to contain a stored cross-site scripting (XSS) vulnerability via ...
Moderate
Unreviewed
CVE-2022-35194
was published
Sep 17, 2022
6Kare Emakin 5.0.341.0 is affected by Cross Site Scripting (XSS) via the /rpc/membership...
Moderate
Unreviewed
CVE-2020-25491
was published
Sep 17, 2022
Craft CMS vulnerable to stored Cross-site Scripting via /admin/settings/fields page
Moderate
CVE-2022-37247
was published
for
craftcms/cms
(Composer)
Sep 17, 2022
TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
Moderate
CVE-2022-36020
was published
for
typo3/cms
(Composer)
Sep 16, 2022
XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list
High
CVE-2022-36096
was published
for
org.xwiki.platform:xwiki-platform-index-ui
(Maven)
Sep 16, 2022
XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form
High
CVE-2022-36097
was published
for
org.xwiki.platform:xwiki-platform-attachment-ui
(Maven)
Sep 16, 2022
XWiki Platform Mentions UI vulnerable to Cross-site Scripting
Critical
CVE-2022-36098
was published
for
org.xwiki.platform:xwiki-platform-mentions-ui
(Maven)
Sep 16, 2022
TYPO3 CMS Stored Cross-Site Scripting via FileDumpController
Moderate
CVE-2022-36107
was published
for
typo3/cms
(Composer)
Sep 16, 2022
TYPO3 CMS vulnerable to Cross-Site Scripting in <f:asset.css> view helper
Moderate
CVE-2022-36108
was published
for
typo3/cms
(Composer)
Sep 16, 2022
XWiki Platform Web Parent POM vulnerable to XSS in the attachment history
High
CVE-2022-36094
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Sep 16, 2022
Smarty Cross-site Scripting vulnerability in pages that use smarty_function_mailto
Moderate
CVE-2018-25047
was published
for
smarty/smarty
(Composer)
Sep 16, 2022
An issue was discovered in CrushFTP 9. The creation of a new user through the /WebInterface...
Moderate
Unreviewed
CVE-2021-44076
was published
Sep 16, 2022
Pimcore vulnerable to stored stored Cross-site Scripting via`properties` when creating new users
Moderate
CVE-2022-3211
was published
for
pimcore/pimcore
(Composer)
Sep 16, 2022
Qsmart Next v4.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability.
Moderate
Unreviewed
CVE-2022-29649
was published
Sep 16, 2022
A stored cross-site scripting (XSS) vulnerability in the auth_settings component of FiberHome...
Moderate
Unreviewed
CVE-2022-38814
was published
Sep 16, 2022
There is a reflected Cross-Site Scripting vulnerability in the HCL Traveler web admin ...
Moderate
Unreviewed
CVE-2022-27561
was published
Sep 16, 2022
Loan Management System version 1.0 suffers from a persistent cross site scripting vulnerability.
Moderate
Unreviewed
CVE-2022-37139
was published
Sep 15, 2022
ProTip!
Advisories are also available from the
GraphQL API