GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,749
Maven: 4,978
npm: 3,509
NuGet: 609
pip: 3,084
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
26,385 advisories
Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user...
Moderate, Unreviewed. CVE-2021-33673 was published May 24, 2022

Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user...
Moderate, Unreviewed. CVE-2021-33675 was published May 24, 2022

Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user...
Moderate, Unreviewed. CVE-2021-33674 was published May 24, 2022

The SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the...
Moderate, Unreviewed. CVE-2021-33679 was published May 24, 2022

In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by manipulating the "post...
Moderate, Unreviewed. CVE-2021-32202 was published May 24, 2022

IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability...
Moderate, Unreviewed. CVE-2021-29841 was published May 24, 2022

On BIG-IP version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3, 14.1.x before 14.1.4.2, 13.1.x...
Moderate, Unreviewed. CVE-2021-23041 was published May 24, 2022

A cross-site scripting (XSS) vulnerability in the background administrator article management...
Moderate, Unreviewed. CVE-2020-21082 was published May 24, 2022

The WebFOCUS Reporting Server and WebFOCUS Client components of TIBCO Software Inc.'s TIBCO...
Moderate, Unreviewed. CVE-2021-35493 was published May 24, 2022

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, 13.1.x before...
Critical, Unreviewed. CVE-2021-23038 was published May 24, 2022

On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a reflected cross...
Critical, Unreviewed. CVE-2021-23037 was published May 24, 2022

Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.1 and 4.5.4
Moderate, Unreviewed. CVE-2021-22528 was published May 24, 2022

Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wall messages component.
Moderate, Unreviewed. CVE-2021-40214 was published May 24, 2022

PRTG Network Monitor before 21.3.69.1333 allows stored XSS via an unsanitized string imported...
Moderate, Unreviewed. CVE-2021-29643 was published May 24, 2022

The create_post_page AJAX action of the Custom Post View Generator WordPress plugin through 0.4.6...
Moderate, Unreviewed. CVE-2021-24605 was published May 24, 2022

The Smash Balloon Social Post Feed WordPress plugin before 2.19.2 does not sanitise or escape the...
Moderate, Unreviewed. CVE-2021-24508 was published May 24, 2022

The Book appointment online WordPress plugin before 1.39 does not sanitise or escape Service...
Moderate, Unreviewed. CVE-2021-24614 was published May 24, 2022

The Daily Prayer Time WordPress plugin before 2021.08.10 does not sanitise or escape some of its...
Moderate, Unreviewed. CVE-2021-24523 was published May 24, 2022

The MF Gig Calendar WordPress plugin through 1.1 does not sanitise or escape the id GET parameter...
Moderate, Unreviewed. CVE-2021-24510 was published May 24, 2022

The Per page add to head WordPress plugin through 1.4.4 does not properly sanitise one of its...
Moderate, Unreviewed. CVE-2021-24619 was published May 24, 2022

The Software License Manager WordPress plugin before 4.4.8 does not sanitise or escape the...
Moderate, Unreviewed. CVE-2021-24560 was published May 24, 2022

The WordPress Advanced Ticket System, Elite Support Helpdesk WordPress plugin before 1.0.64 does...
Moderate, Unreviewed. CVE-2021-24623 was published May 24, 2022

The WP Courses LMS WordPress plugin before 2.0.44 does not sanitise its Video Embed Code,...
Moderate, Unreviewed. CVE-2021-24621 was published May 24, 2022

The Timetable and Event Schedule by MotoPress WordPress plugin before 2.3.19 does not sanitise...
Moderate, Unreviewed. CVE-2021-24724 was published May 24, 2022

A reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 allows attackers to execute...
Moderate, Unreviewed. CVE-2020-19282 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.