Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,985
Erlang
29
GitHub Actions
16
Go
1,774
Maven
5,000
npm
3,541
NuGet
617
pip
3,123
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+

26,660 advisories

Loading
An issue was discovered in Hyland org.alfresco:share through 7.0.0.2 and org.alfresco:community... Moderate Unreviewed
CVE-2021-41791 was published May 24, 2022
WP Mailster 1.6.18.0 allows XSS when a victim opens a mail server's details in the mst_servers... Moderate Unreviewed
CVE-2021-28975 was published May 24, 2022
This vulnerability occurred due to missing input sanitization for one of the output fields that... Moderate Unreviewed
CVE-2021-35228 was published May 24, 2022
The Simple Job Board WordPress plugin is vulnerable to Stored Cross-Site Scripting due to... Moderate Unreviewed
CVE-2021-39328 was published May 24, 2022
"HCL Connections Security Update for Reflected Cross-Site Scripting (XSS) Vulnerability" Moderate Unreviewed
CVE-2021-27746 was published May 24, 2022
The Content Staging WordPress plugin is vulnerable to Stored Cross-Site Scripting due to... Moderate Unreviewed
CVE-2021-39356 was published May 24, 2022
The Leaky Paywall WordPress plugin is vulnerable to Stored Cross-Site Scripting due to... Moderate Unreviewed
CVE-2021-39357 was published May 24, 2022
The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient... Moderate Unreviewed
CVE-2021-39348 was published May 24, 2022
Reflected Cross-Site Scripting (XSS) vulnerability in WordPress Ivory Search plugin (versions <=... Moderate Unreviewed
CVE-2021-36869 was published May 24, 2022
ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to... Moderate Unreviewed
CVE-2021-21747 was published May 24, 2022
ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to... Moderate Unreviewed
CVE-2021-21746 was published May 24, 2022
IBM QRadar Advisor 2.5 through 2.6.1 is vulnerable to cross-site scripting. This vulnerability... Moderate Unreviewed
CVE-2021-38896 was published May 24, 2022
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 website used to control the... Moderate Unreviewed
CVE-2021-38482 was published May 24, 2022
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not perform sufficient... Moderate Unreviewed
CVE-2021-38466 was published May 24, 2022
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to stored... Moderate Unreviewed
CVE-2021-38468 was published May 24, 2022
IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. This... Moderate Unreviewed
CVE-2021-29912 was published May 24, 2022
The Indeed Job Importer WordPress plugin is vulnerable to Stored Cross-Site Scripting due to... Moderate Unreviewed
CVE-2021-39355 was published May 24, 2022
The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site Scripting due to... Moderate Unreviewed
CVE-2021-39343 was published May 24, 2022
The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient... Moderate Unreviewed
CVE-2021-39329 was published May 24, 2022
A potential security vulnerability has been identified in HPE Superdome Flex Servers. The... Moderate Unreviewed
CVE-2021-26589 was published May 24, 2022
Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login. Moderate Unreviewed
CVE-2021-35323 was published May 24, 2022
A persistent cross-site scripting (XSS) vulnerability in the captive portal graphical user... High Unreviewed
CVE-2021-31355 was published May 24, 2022
A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos OS on SRX Series,... High Unreviewed
CVE-2021-31373 was published May 24, 2022
myfactory.FMS before 7.1-912 allows XSS via the Error parameter. Moderate Unreviewed
CVE-2021-42566 was published May 24, 2022
A link preview rendering issue in Rocket.Chat versions before 3.9 could lead to potential XSS... Moderate Unreviewed
CVE-2020-8291 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API