Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

173 advisories

Loading
An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS... Moderate Unreviewed
CVE-2020-13965 was published May 24, 2022
A vulnerability has been identified in XHQ (All Versions < 6.1). The web interface could allow... Moderate Unreviewed
CVE-2019-19285 was published May 24, 2022
A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated... Moderate Unreviewed
CVE-2021-1351 was published May 24, 2022
A vulnerability in certain web pages of Cisco Webex Meetings could allow an unauthenticated,... Moderate Unreviewed
CVE-2021-1420 was published May 24, 2022
A stored XSS vulnerability has been reported to affect QNAP NAS running QuLog Center. If... Moderate Unreviewed
CVE-2020-36196 was published May 24, 2022
This issue affects: QNAP Systems Inc. Q'center versions prior to 1.11.1004. Moderate Unreviewed
CVE-2021-28803 was published May 24, 2022
The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient... Moderate Unreviewed
CVE-2021-39348 was published May 24, 2022
Cross-site Scripting in the Flamingo theme manager High
CVE-2022-29251 was published for org.xwiki.platform:xwiki-platform-flamingo-theme-ui (Maven) May 25, 2022
Cross-site Scripting vulnerability in repository issue list in Gogs Moderate
CVE-2022-31038 was published for gogs.io/gogs (Go) Jun 8, 2022
wuhan005
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in WolfCMS up to 0.8.3.1. It has been... Moderate Unreviewed
CVE-2019-25070 was published Jun 10, 2022
Cross Site Scripting vulnerability in django-jsonform's admin form. High
GHSA-x9jp-4w8m-4f3c was published for django-jsonform (pip) Jun 10, 2022
A vulnerability, which was classified as problematic, has been found in Thomson TCW710 ST5D.10.05... Moderate Unreviewed
CVE-2018-25034 was published Jun 13, 2022
A vulnerability has been found in TrueConf Server 4.3.7 and classified as problematic. This... Moderate Unreviewed
CVE-2017-20114 was published Jun 30, 2022
A vulnerability was found in TrueConf Server 4.3.7 and classified as problematic. This issue... Moderate Unreviewed
CVE-2017-20115 was published Jun 30, 2022
A vulnerability, which was classified as problematic, was found in TrueConf Server 4.3.7. This... Moderate Unreviewed
CVE-2017-20113 was published Jun 30, 2022
A vulnerability was found in TrueConf Server 4.3.7. It has been rated as problematic. Affected by... Moderate Unreviewed
CVE-2017-20118 was published Jun 30, 2022
A vulnerability was found in TrueConf Server 4.3.7. It has been declared as problematic. Affected... Moderate Unreviewed
CVE-2017-20117 was published Jun 30, 2022
A vulnerability was found in TrueConf Server 4.3.7. It has been classified as problematic.... Moderate Unreviewed
CVE-2017-20116 was published Jun 30, 2022
A vulnerability was found in Itech Movie Portal Script 7.36. It has been rated as problematic.... Moderate Unreviewed
CVE-2017-20140 was published Jul 23, 2022
A vulnerability has been identified in SCALANCE M-800 / S615 (All versions), SCALANCE SC-600... Moderate Unreviewed
CVE-2022-36325 was published Aug 11, 2022
HTML Injection in ActiveMQ Artemis Web Console Moderate
CVE-2022-35278 was published for org.apache.activemq:artemis-server (Maven) Aug 24, 2022
XWiki Platform Web Parent POM vulnerable to XSS in the attachment history High
CVE-2022-36094 was published for org.xwiki.platform:xwiki-platform-web (Maven) Sep 16, 2022
XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form High
CVE-2022-36097 was published for org.xwiki.platform:xwiki-platform-attachment-ui (Maven) Sep 16, 2022
XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list High
CVE-2022-36096 was published for org.xwiki.platform:xwiki-platform-index-ui (Maven) Sep 16, 2022
Twisted vulnerable to NameVirtualHost Host header injection Moderate
CVE-2022-39348 was published for twisted (pip) Oct 26, 2022
westonsteimel
ProTip! Advisories are also available from the GraphQL API