GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
27,836 advisories
Authenticated (author+) Stored Cross-Site Scripting (XSS) vulnerability in dmitrylitvinov...
Moderate | Unreviewed | CVE-2022-34648 was published Aug 24, 2022

Authenticated (subscriber+) plugin settings change leading to Stored Cross-Site Scripting (XSS)...
Moderate | Unreviewed | CVE-2022-36341 was published Aug 24, 2022

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability in 8 Degree Themes otification...
Moderate | Unreviewed | CVE-2022-29476 was published Aug 24, 2022

Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Roman Pronskiy's...
Moderate | Unreviewed | CVE-2022-36282 was published Aug 24, 2022

Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in amCharts: Charts...
Moderate | Unreviewed | CVE-2022-36405 was published Aug 24, 2022

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alpine Press Alpine...
Moderate | Unreviewed | CVE-2022-36347 was published Aug 24, 2022

HTML Injection in ActiveMQ Artemis Web Console
Moderate | CVE-2022-35278 was published for org.apache.activemq:artemis-server (Maven) Aug 24, 2022

ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new...
Moderate | Unreviewed | CVE-2022-38172 was published Aug 24, 2022

Cross-site Scripting in Jenkins Job Configuration History Plugin
Moderate | CVE-2022-38664 was published for org.jenkins-ci.plugins:jobConfigHistory (Maven) Aug 24, 2022

ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality.
Moderate | Unreviewed | CVE-2022-38463 was published Aug 24, 2022

Cross site scripting in yetiforce/yetiforce-crm
Moderate | CVE-2022-1340 was published for yetiforce/yetiforce-crm (Composer) Aug 23, 2022

Clinic's Patient Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via patients...
Moderate | Unreviewed | CVE-2022-36251 was published Aug 23, 2022

Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a misconfiguration of a...
Moderate | Unreviewed | CVE-2022-35655 was published Aug 23, 2022

Reflected Cross-Site Scripting (XSS) vulnerability in smartypants SP Project & Document Manager...
Moderate | Unreviewed | CVE-2022-34857 was published Aug 23, 2022

Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue with an unauthenticated user and...
Moderate | Unreviewed | CVE-2022-35654 was published Aug 23, 2022

The Rezgo Online Booking WordPress plugin before 4.1.8 does not sanitise and escape some...
Moderate | Unreviewed | CVE-2022-1932 was published Aug 23, 2022

The WP Social Chat WordPress plugin before 6.0.5 does not sanitise and escape some of its...
Moderate | Unreviewed | CVE-2022-2361 was published Aug 23, 2022

The Download Manager WordPress plugin before 3.2.50 prioritizes getting a visitor's IP from...
High | Unreviewed | CVE-2022-2362 was published Aug 23, 2022

The Feed Them Social WordPress plugin before 3.0.1 does not sanitise and escape a parameter...
Moderate | Unreviewed | CVE-2022-2383 was published Aug 23, 2022

The Feed Them Social WordPress plugin before 3.0.1 does not sanitise and escape a parameter...
Moderate | Unreviewed | CVE-2022-2532 was published Aug 23, 2022

The WP phpMyAdmin WordPress plugin before 5.2.0.4 does not escape some of its settings, which...
Moderate | Unreviewed | CVE-2022-2407 was published Aug 23, 2022

The Simple Banner WordPress plugin before 2.12.0 does not properly sanitize its "Simple Banner...
Moderate | Unreviewed | CVE-2022-0446 was published Aug 23, 2022

The Coming Soon - Under Construction WordPress plugin through 1.1.9 does not sanitize and escape...
Moderate | Unreviewed | CVE-2022-1322 was published Aug 23, 2022

The Transposh WordPress Translation WordPress plugin before 1.0.8 does not sanitise and escape...
Moderate | Unreviewed | CVE-2021-24911 was published Aug 23, 2022

Frappe ERPNext 12.29.0 is vulnerable to XSS where the software does not neutralize or incorrectly...
Moderate | Unreviewed | CVE-2022-28598 was published Aug 23, 2022
ProTip! Advisories are also available from the GraphQL API