Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,793
Erlang
29
GitHub Actions
16
Go
1,710
Maven
4,947
npm
3,475
NuGet
605
pip
3,001
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

123 advisories

Zammad GmbH Zammad 2.3.0 and earlier is affected by: Cross Site Scripting (XSS) - CWE-80. The... Moderate Unreviewed
CVE-2019-1010018 was published May 24, 2022
A vulnerability has been identified in Spectrum Power 3 (Corporate User Interface) (All versions ... Moderate Unreviewed
CVE-2019-10933 was published May 24, 2022
A vulnerability has been identified in SIMATIC HMI Comfort Panels 4" - 22" (All versions < V15.1... Moderate Unreviewed
CVE-2019-6577 was published May 24, 2022
Apache Tomcat's CookieExample Vulnerable to XSS Moderate
CVE-2007-3384 was published for org.apache.tomcat:tomcat (Maven) May 1, 2022
Apache Tomcat SendMailServlet XSS Moderate
CVE-2007-3383 was published for org.apache.tomcat:tomcat (Maven) May 1, 2022
Apache Tomcat XSS Vulnerability Moderate
CVE-2006-7195 was published for org.apache.tomcat:tomcat (Maven) May 1, 2022
Apache Struts Cross-site scripting Vulnerability Moderate
CVE-2005-3745 was published for org.apache.struts:struts-core (Maven) May 1, 2022
Jetty Javascript Inclusion Vulnerability Moderate
CVE-2002-1533 was published for org.mortbay.jetty:jetty (Maven) Apr 30, 2022
Apache Tomcat allows webmasters to insert xss into error messages Moderate
CVE-2001-0829 was published for org.apache.tomcat:tomcat (Maven) Apr 30, 2022
An unprivileged user could use the functionality of the NS WooCommerce Watermark WordPress plugin... High Unreviewed
CVE-2022-0989 was published Apr 12, 2022
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, has been... Moderate Unreviewed
CVE-2008-10001 was published Mar 29, 2022
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in ISS BlackICE PC Protection. It has... Moderate Unreviewed
CVE-2003-5003 was published Mar 29, 2022
Improper sanitize of SVG files during content upload ('Cross-site Scripting') in sylius/sylius Moderate
CVE-2022-24749 was published for Sylius/Sylius (Composer) Mar 14, 2022
Ocramius
jquery.terminal self XSS on user input Low
CVE-2021-43862 was published for jquery.terminal (npm) Jan 6, 2022
Nahiiko
Cross-site scripting (XSS) from image block content in the site frontend Moderate
CVE-2021-41258 was published for getkirby/cms (Composer) Nov 16, 2021
azrultech
Cross-site scripting (XSS) from field and configuration text displayed in the Panel High
CVE-2021-32735 was published for getkirby/cms (Composer) Jul 2, 2021
hdodov tdunlap607
Stored cross-site scripting in Grid component in Vaadin 7 and 8 Moderate
CVE-2019-25028 was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in @nextcloud/dialogs Moderate
CVE-2021-29438 was published for @nextcloud/dialogs (npm) Apr 16, 2021
Possible XSS attack in Wagtail Moderate
CVE-2020-11001 was published for wagtail (pip) Apr 14, 2020
Cross site scripting vulnerability in ActionView Moderate
CVE-2020-5267 was published for actionview (RubyGems) Mar 19, 2020
jessecampos
XSS/Script injection vulnerability in matestack High
CVE-2020-5241 was published for matestack-ui-core (RubyGems) Feb 12, 2020
PragTob tdunlap607
Cross-Site Scripting in forms Moderate
CVE-2017-16015 was published for forms (npm) Nov 9, 2018
HTML Injection in shout Moderate
CVE-2017-16043 was published for shout (npm) Nov 7, 2018
ProTip! Advisories are also available from the GraphQL API