Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,737
Maven
5,000+
npm
4,337
NuGet
764
pip
4,112
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,604 advisories

Loading
Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the... Low Unreviewed
CVE-2007-0275 was published May 1, 2022
Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 allow remote attackers to... Low Unreviewed
CVE-2006-5451 was published May 1, 2022
Alkacon OpenCms XSS via unsanitized message body Low
CVE-2006-3933 was published for org.opencms:opencms-core (Maven) May 1, 2022
Multiple cross-site scripting (XSS) vulnerabilities in interna/hilfe.php in Papoo 3 RC3 and... Low Unreviewed
CVE-2006-3571 was published May 1, 2022
Multiple cross-site scripting (XSS) vulnerabilities in 5 Star Review allow remote attackers to... Low Unreviewed
CVE-2006-3061 was published May 1, 2022
Alkacon OpenCms XSS via query parameter in a search action Low
CVE-2006-2571 was published for org.opencms:opencms-core (Maven) May 1, 2022
Multiple cross-site scripting (XSS) vulnerabilities in Xtreme Topsites 1.1 allow remote attackers... Low Unreviewed
CVE-2006-2545 was published May 1, 2022
Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow... Low Unreviewed
CVE-2006-2016 was published May 1, 2022
Multiple cross-site scripting (XSS) vulnerabilities in Papoo 2.1.5 allow remote attackers to... Low Unreviewed
CVE-2006-1918 was published May 1, 2022
Multiple cross-site scripting (XSS) vulnerabilities in Ralph Capper Tiny PHP Forum (TPF) 3.6... Low Unreviewed
CVE-2006-1898 was published May 1, 2022
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Autogallery 0.41 allow remote... Low Unreviewed
CVE-2006-1750 was published May 1, 2022
Cross-site scripting in Apache Struts Low
CVE-2006-1548 was published for struts:struts (Maven) May 1, 2022
Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when... Low Unreviewed
CVE-2006-1193 was published May 1, 2022
Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross... Low Unreviewed
CVE-2006-0800 was published May 1, 2022
Alkacon OpenCms XSS via username during login Low
CVE-2005-4294 was published for org.opencms:opencms-core (Maven) May 1, 2022
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8... Low Unreviewed
CVE-2005-4190 was published May 1, 2022
Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in Oracle9i Database Server... Low Unreviewed
CVE-2005-3205 was published May 1, 2022
Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke 0.750 allows remote... Low Unreviewed
CVE-2005-1778 was published May 1, 2022
Microsoft Internet Information Services (IIS) 6.0, when DNS resolution is enabled for client IP... Low Unreviewed
CVE-2003-1582 was published Apr 29, 2022
The Apache HTTP Server 2.0.44, when DNS resolution is enabled for client IP addresses, allows... Low Unreviewed
CVE-2003-1581 was published Apr 29, 2022
Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is... Low Unreviewed
CVE-2003-1577 was published Apr 29, 2022
In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible Low Unreviewed
CVE-2022-29816 was published Apr 29, 2022
Reflected Cross Site Scripting in GitHub repository openemr/openemr prior to 6.0.0.4. Low Unreviewed
CVE-2022-1180 was published Mar 31, 2022
jquery.terminal self XSS on user input Low
CVE-2021-43862 was published for jquery.terminal (npm) Jan 6, 2022
Nahiiko
Credited to Nahiiko
Cross-site scripting in Apache Syncome EndUser Low
CVE-2019-17557 was published for org.apache.syncope.client:syncope-client-enduser (Maven) Jan 6, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database