GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,752
Maven: 4,982
npm: 3,516
NuGet: 609
pip: 3,090
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
26,394 advisories
LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers...
Moderate | Unreviewed | CVE-2020-20131 was published May 24, 2022

A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?do=list_edit of UCMS 1.4.7...
Moderate | Unreviewed | CVE-2020-20781 was published May 24, 2022

JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release...
Moderate | Unreviewed | CVE-2020-21228 was published May 24, 2022

IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cross-site scripting. This...
Moderate | Unreviewed | CVE-2021-20554 was published May 24, 2022

NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored Cross-Site Scripting (XSS) in...
Moderate | Unreviewed | CVE-2021-35199 was published May 24, 2022

NETSCOUT nGeniusONE 6.3.0 build 1196 allows high-privileged users to achieve Stored Cross-Site...
Moderate | Unreviewed | CVE-2021-35200 was published May 24, 2022

NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Reflected Cross-Site Scripting (XSS) in the...
Moderate | Unreviewed | CVE-2021-35204 was published May 24, 2022

NETSCOUT nGeniusONE 6.3.0 build 1004 and earlier allows Stored Cross-Site Scripting (XSS) in the...
Moderate | Unreviewed | CVE-2021-35198 was published May 24, 2022

EARCLINK ESPCMS-P8 contains a cross-site scripting (XSS) vulnerability in espcms_web\espcms_load...
Moderate | Unreviewed | CVE-2020-20125 was published May 24, 2022

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0...
Moderate | Unreviewed | CVE-2021-29834 was published May 24, 2022

Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which...
Moderate | Unreviewed | CVE-2021-30086 was published May 24, 2022

Cross Site Scripting (XSS) vulnerability exists in all versions of KindEditor, which can be...
Moderate | Unreviewed | CVE-2021-37267 was published May 24, 2022

In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately...
Moderate | Unreviewed | CVE-2021-41318 was published May 24, 2022

Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, which can be exploited by an...
Moderate | Unreviewed | CVE-2021-37271 was published May 24, 2022

On version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of...
Moderate | Unreviewed | CVE-2021-23054 was published May 24, 2022

An issue was discovered in Concrete CMS through 8.5.5. There is unauthenticated stored XSS in...
Moderate | Unreviewed | CVE-2021-40106 was published May 24, 2022

An issue was discovered in Concrete CMS through 8.5.5. There is XSS via Markdown Comments.
Moderate | Unreviewed | CVE-2021-40105 was published May 24, 2022

A potential DOM-based Cross Site Scripting security vulnerability has been identified in HPE...
Moderate | Unreviewed | CVE-2021-26587 was published May 24, 2022

The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.1 does not escape the message...
Moderate | Unreviewed | CVE-2021-24632 was published May 24, 2022

The WP Map Block WordPress plugin before 1.2.3 does not escape some attributes of the WP Map...
Moderate | Unreviewed | CVE-2021-24643 was published May 24, 2022

The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.3 does not properly sanitise or...
Moderate | Unreviewed | CVE-2021-24634 was published May 24, 2022

The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the...
Moderate | Unreviewed | CVE-2021-24610 was published May 24, 2022

The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before 2.1.2 does not escape the...
Moderate | Unreviewed | CVE-2021-24569 was published May 24, 2022

Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode...
Moderate | Unreviewed | CVE-2021-36845 was published May 24, 2022

The CoolClock WordPress plugin before 4.3.5 does not escape some shortcode attributes, allowing...
Moderate | Unreviewed | CVE-2021-24670 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.