GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,985
Erlang: 29
GitHub Actions: 16
Go: 1,774
Maven: 5,000
npm: 3,541
NuGet: 617
pip: 3,123
Pub: 10
RubyGems: 838
Rust: 790
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
26,660 advisories
An issue was discovered in Hyland org.alfresco:share through 7.0.0.2 and org.alfresco:community...
Moderate
Unreviewed
CVE-2021-41791 was published May 24, 2022
WP Mailster 1.6.18.0 allows XSS when a victim opens a mail server's details in the mst_servers...
Moderate
Unreviewed
CVE-2021-28975 was published May 24, 2022
This vulnerability occurred due to missing input sanitization for one of the output fields that...
Moderate
Unreviewed
CVE-2021-35228 was published May 24, 2022
The Simple Job Board WordPress plugin is vulnerable to Stored Cross-Site Scripting due to...
Moderate
Unreviewed
CVE-2021-39328 was published May 24, 2022
"HCL Connections Security Update for Reflected Cross-Site Scripting (XSS) Vulnerability"
Moderate
Unreviewed
CVE-2021-27746 was published May 24, 2022
The Content Staging WordPress plugin is vulnerable to Stored Cross-Site Scripting due to...
Moderate
Unreviewed
CVE-2021-39356 was published May 24, 2022
The Leaky Paywall WordPress plugin is vulnerable to Stored Cross-Site Scripting due to...
Moderate
Unreviewed
CVE-2021-39357 was published May 24, 2022
The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient...
Moderate
Unreviewed
CVE-2021-39348 was published May 24, 2022
Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory Search plugin (versions <=...
Moderate
Unreviewed
CVE-2021-36869 was published May 24, 2022
ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to...
Moderate
Unreviewed
CVE-2021-21747 was published May 24, 2022
ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to...
Moderate
Unreviewed
CVE-2021-21746 was published May 24, 2022
IBM QRadar Advisor 2.5 through 2.6.1 is vulnerable to cross-site scripting. This vulnerability...
Moderate
Unreviewed
CVE-2021-38896 was published May 24, 2022
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 website used to control the...
Moderate
Unreviewed
CVE-2021-38482 was published May 24, 2022
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not perform sufficient...
Moderate
Unreviewed
CVE-2021-38466 was published May 24, 2022
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to stored...
Moderate
Unreviewed
CVE-2021-38468 was published May 24, 2022
IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. This...
Moderate
Unreviewed
CVE-2021-29912 was published May 24, 2022
The Indeed Job Importer WordPress plugin is vulnerable to Stored Cross-Site Scripting due to...
Moderate
Unreviewed
CVE-2021-39355 was published May 24, 2022
The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site Scripting due to...
Moderate
Unreviewed
CVE-2021-39343 was published May 24, 2022
The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient...
Moderate
Unreviewed
CVE-2021-39329 was published May 24, 2022
A potential security vulnerability has been identified in HPE Superdome Flex Servers. The...
Moderate
Unreviewed
CVE-2021-26589 was published May 24, 2022
Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login.
Moderate
Unreviewed
CVE-2021-35323 was published May 24, 2022
A persistent cross-site scripting (XSS) vulnerability in the captive portal graphical user...
High
Unreviewed
CVE-2021-31355 was published May 24, 2022
A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos OS on SRX Series,...
High
Unreviewed
CVE-2021-31373 was published May 24, 2022
myfactory.FMS before 7.1-912 allows XSS via the Error parameter.
Moderate
Unreviewed
CVE-2021-42566 was published May 24, 2022
A link preview rendering issue in Rocket.Chat versions before 3.9 could lead to potential XSS...
Moderate
Unreviewed
CVE-2020-8291 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.