GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,749
Maven: 4,978
npm: 3,509
NuGet: 609
pip: 3,084
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
26,385 advisories
IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored...
Moderate | Unreviewed | CVE-2021-29807 was published May 24, 2022

Cross Site Scripting (XSS) vulnerability exists in WUZHI CMS 4.1.0 via the mailbox username in...
Moderate | Unreviewed | CVE-2020-19915 was published May 24, 2022

The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error...
Moderate | Unreviewed | CVE-2021-34650 was published May 24, 2022

The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to...
Moderate | Unreviewed | CVE-2021-39325 was published May 24, 2022

Cross-site scripting vulnerability in List (order management) item change plug-in (for EC-CUBE 3...
Moderate | Unreviewed | CVE-2021-20825 was published May 24, 2022

Cross-site scripting vulnerability in Order Status Batch Change Plug-in (for EC-CUBE 3.0 series)...
Moderate | Unreviewed | CVE-2021-20828 was published May 24, 2022

A stored cross-site scripting issue impacts certain areas of the Web UI for Code Insight v7.x...
Moderate | Unreviewed | CVE-2020-12082 was published May 24, 2022

In Ericsson ECM before 18.0, it was observed that Security Management Endpoint in User Profile...
Moderate | Unreviewed | CVE-2021-41391 was published May 24, 2022

A cross-site scripting (XSS) vulnerability in RGCMS v1.06 allows attackers to obtain the...
Moderate | Unreviewed | CVE-2020-21482 was published May 24, 2022

OpenSIS Community Edition version <= 7.6 is affected by a reflected XSS vulnerability in...
Moderate | Unreviewed | CVE-2021-27340 was published May 24, 2022

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, and 14.1.x before 14.1.4.3, a DOM...
Moderate | Unreviewed | CVE-2021-23027 was published May 24, 2022

Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
Moderate | Unreviewed | CVE-2021-40440 was published May 24, 2022

Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute...
Moderate | Unreviewed | CVE-2020-19148 was published May 24, 2022

Cross Site Scripting (XSS) in Ari Adminer v1 allows remote attackers to execute arbitrary code...
Moderate | Unreviewed | CVE-2020-19156 was published May 24, 2022

Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute...
Moderate | Unreviewed | CVE-2020-19158 was published May 24, 2022

Cross Site Scripting (CSS) in Wenku CMS v3.4 allows remote attackers to execute arbitrary code...
Moderate | Unreviewed | CVE-2020-19157 was published May 24, 2022

In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative...
Moderate | Unreviewed | CVE-2021-38156 was published May 24, 2022

The TechRadar app 1.1 for Confluence Server allows XSS via the Title field of a Radar.
Moderate | Unreviewed | CVE-2021-37412 was published May 24, 2022

A Cross Site Scripting (XSS) vulnerability exists in the admin panel in Webuzo < 2.9.0 via an...
Moderate | Unreviewed | CVE-2021-40238 was published May 24, 2022

A Stored XSS exists in TinyFileManager all versions up to and including 2.4.6 in /tinyfilemanager...
Moderate | Unreviewed | CVE-2021-40966 was published May 24, 2022

NWDI Notification Service versions - 7.31, 7.40, 7.50, does not sufficiently encode user...
Moderate | Unreviewed | CVE-2021-33691 was published May 24, 2022

Multiple cross-site scripting (XSS) vulnerabilities exist in SITA Software Azur CMS 1.2.3.1 and...
Moderate | Unreviewed | CVE-2021-28901 was published May 24, 2022

SAP Cloud Connector, version - 2.0, does not sufficiently encode user-controlled inputs, allowing...
Moderate | Unreviewed | CVE-2021-33694 was published May 24, 2022

SAP BusinessObjects Business Intelligence Platform (Crystal Report), versions - 420, 430, does...
Moderate | Unreviewed | CVE-2021-33696 was published May 24, 2022

SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not...
Moderate | Unreviewed | CVE-2021-21489 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.