Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

27,836 advisories

Loading
Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in dmitrylitvinov... Moderate Unreviewed
CVE-2022-34648 was published Aug 24, 2022
Authenticated (subscriber+) plugin settings change leading to Stored Cross-Site Scripting (XSS)... Moderate Unreviewed
CVE-2022-36341 was published Aug 24, 2022
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in 8 Degree Themes otification... Moderate Unreviewed
CVE-2022-29476 was published Aug 24, 2022
Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Roman Pronskiy's... Moderate Unreviewed
CVE-2022-36282 was published Aug 24, 2022
Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in amCharts: Charts... Moderate Unreviewed
CVE-2022-36405 was published Aug 24, 2022
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alpine Press Alpine... Moderate Unreviewed
CVE-2022-36347 was published Aug 24, 2022
HTML Injection in ActiveMQ Artemis Web Console Moderate
CVE-2022-35278 was published for org.apache.activemq:artemis-server (Maven) Aug 24, 2022
ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new... Moderate Unreviewed
CVE-2022-38172 was published Aug 24, 2022
Cross-site Scripting in Jenkins Job Configuration History Plugin Moderate
CVE-2022-38664 was published for org.jenkins-ci.plugins:jobConfigHistory (Maven) Aug 24, 2022
NotMyFault
ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality. Moderate Unreviewed
CVE-2022-38463 was published Aug 24, 2022
Cross site scripting in yetiforce/yetiforce-crm Moderate
CVE-2022-1340 was published for yetiforce/yetiforce-crm (Composer) Aug 23, 2022
Clinic's Patient Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via patients... Moderate Unreviewed
CVE-2022-36251 was published Aug 23, 2022
Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a misconfiguration of a... Moderate Unreviewed
CVE-2022-35655 was published Aug 23, 2022
Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP Project & Document Manager... Moderate Unreviewed
CVE-2022-34857 was published Aug 23, 2022
Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue with an unauthenticated user and... Moderate Unreviewed
CVE-2022-35654 was published Aug 23, 2022
The Rezgo Online Booking WordPress plugin before 4.1.8 does not sanitise and escape some... Moderate Unreviewed
CVE-2022-1932 was published Aug 23, 2022
The WP Social Chat WordPress plugin before 6.0.5 does not sanitise and escape some of its... Moderate Unreviewed
CVE-2022-2361 was published Aug 23, 2022
The Download Manager WordPress plugin before 3.2.50 prioritizes getting a visitor's IP from... High Unreviewed
CVE-2022-2362 was published Aug 23, 2022
The Feed Them Social WordPress plugin before 3.0.1 does not sanitise and escape a parameter... Moderate Unreviewed
CVE-2022-2383 was published Aug 23, 2022
The Feed Them Social WordPress plugin before 3.0.1 does not sanitise and escape a parameter... Moderate Unreviewed
CVE-2022-2532 was published Aug 23, 2022
The WP phpMyAdmin WordPress plugin before 5.2.0.4 does not escape some of its settings, which... Moderate Unreviewed
CVE-2022-2407 was published Aug 23, 2022
The Simple Banner WordPress plugin before 2.12.0 does not properly sanitize its "Simple Banner... Moderate Unreviewed
CVE-2022-0446 was published Aug 23, 2022
The Coming Soon - Under Construction WordPress plugin through 1.1.9 does not sanitize and escape... Moderate Unreviewed
CVE-2022-1322 was published Aug 23, 2022
The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape... Moderate Unreviewed
CVE-2021-24911 was published Aug 23, 2022
Frappe ERPNext 12.29.0 is vulnerable to XSS where the software does not neutralize or incorrectly... Moderate Unreviewed
CVE-2022-28598 was published Aug 23, 2022
ProTip! Advisories are also available from the GraphQL API