GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 19,388
Composer 3,968
Erlang 29
GitHub Actions 16
Go 1,752
Maven 4,982
npm 3,516
NuGet 609
pip 3,090
Pub 10
RubyGems 832
Rust 782
Swift 34

Unreviewed advisories

All unreviewed 221,456

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

26,394 advisories

Filter by severity

Sort by

Least recently updated

LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows atackers... Moderate Unreviewed

CVE-2020-20131 was published May 24, 2022

A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?do=list_edit of UCMS 1.4.7... Moderate Unreviewed

CVE-2020-20781 was published May 24, 2022

JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release... Moderate Unreviewed

CVE-2020-21228 was published May 24, 2022

IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cross-site scripting. This... Moderate Unreviewed

CVE-2021-20554 was published May 24, 2022

NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored Cross-Site Scripting (XSS) in... Moderate Unreviewed

CVE-2021-35199 was published May 24, 2022

NETSCOUT nGeniusONE 6.3.0 build 1196 allows high-privileged users to achieve Stored Cross-Site... Moderate Unreviewed

CVE-2021-35200 was published May 24, 2022

NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Reflected Cross-Site Scripting (XSS) in the... Moderate Unreviewed

CVE-2021-35204 was published May 24, 2022

NETSCOUT nGeniusONE 6.3.0 build 1004 and earlier allows Stored Cross-Site Scripting (XSS) in the... Moderate Unreviewed

CVE-2021-35198 was published May 24, 2022

EARCLINK ESPCMS-P8 contains a cross-site scripting (XSS) vulnerability in espcms_web\espcms_load... Moderate Unreviewed

CVE-2020-20125 was published May 24, 2022

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3,20.0... Moderate Unreviewed

CVE-2021-29834 was published May 24, 2022

Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which... Moderate Unreviewed

CVE-2021-30086 was published May 24, 2022

Cross Site Scripting (XSS) vulnerability exists in all versions of KindEditor, which can be... Moderate Unreviewed

CVE-2021-37267 was published May 24, 2022

In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately... Moderate Unreviewed

CVE-2021-41318 was published May 24, 2022

Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, which can be exploited by an... Moderate Unreviewed

CVE-2021-37271 was published May 24, 2022

On version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of... Moderate Unreviewed

CVE-2021-23054 was published May 24, 2022

An issue was discovered in Concrete CMS through 8.5.5. There is unauthenticated stored XSS in... Moderate Unreviewed

CVE-2021-40106 was published May 24, 2022

An issue was discovered in Concrete CMS through 8.5.5. There is XSS via Markdown Comments. Moderate Unreviewed

CVE-2021-40105 was published May 24, 2022

A potential DOM-based Cross Site Scripting security vulnerability has been identified in HPE... Moderate Unreviewed

CVE-2021-26587 was published May 24, 2022

The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.1 does not escape the message... Moderate Unreviewed

CVE-2021-24632 was published May 24, 2022

The WP Map Block WordPress plugin before 1.2.3 does not escape some attributes of the WP Map... Moderate Unreviewed

CVE-2021-24643 was published May 24, 2022

The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.3 does not properly sanitise or... Moderate Unreviewed

CVE-2021-24634 was published May 24, 2022

The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the... Moderate Unreviewed

CVE-2021-24610 was published May 24, 2022

The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before 2.1.2 does not escape the... Moderate Unreviewed

CVE-2021-24569 was published May 24, 2022

Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode... Moderate Unreviewed

CVE-2021-36845 was published May 24, 2022

The CoolClock WordPress plugin before 4.3.5 does not escape some shortcode attributes, allowing... Moderate Unreviewed

CVE-2021-24670 was published May 24, 2022

Previous 1 2 … 394 395 396 397 398 399 400 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

26,394 advisories