Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

114 advisories

Loading
ezplatform-admin-ui vulnerable to Cross-Site Scripting (XSS) Critical
GHSA-58h5-h554-429q was published for ezsystems/ezplatform-admin-ui (Composer) Nov 10, 2022
Invalid HTTP method overrides allow possible XSS or other attacks in Symfony Critical
CVE-2019-10913 was published for symfony/http-foundation (Composer) Dec 2, 2019
Cross-Site Scripting in swagger-ui Critical
CVE-2016-5682 was published for swagger-ui (npm) Sep 1, 2020
Cross-Site Scripting in swagger-ui Critical
CVE-2016-1000226 was published for swagger-ui (npm) Sep 1, 2020
Cross-Site Scripting in dompurify Critical
GHSA-mjjq-c88q-qhr6 was published for dompurify (npm) Sep 3, 2020
Java Melody vulnerable to cross-site scripting Critical
CVE-2016-1000273 was published for net.bull.javamelody:javamelody-core (Maven) Jul 20, 2022
Cross-site Scripting in showdoc/showdoc Critical
CVE-2022-0960 was published for showdoc/showdoc (Composer) Mar 15, 2022
Cross-site Scripting in com.erudika:para-core Critical
CVE-2022-1782 was published for com.erudika:para-core (Maven) May 19, 2022
Cross site scripting in facturascripts Critical
CVE-2022-1457 was published for neorazorx/facturascripts (Composer) Apr 26, 2022
XWiki Platform Mentions UI vulnerable to Cross-site Scripting Critical
CVE-2022-36098 was published for org.xwiki.platform:xwiki-platform-mentions-ui (Maven) Sep 16, 2022
Privilege Escalation in cordova-plugin-inappbrowser Critical
CVE-2019-0219 was published for cordova-plugin-inappbrowser (npm) Sep 4, 2020
SQL Injection and Cross-site Scripting in class-validator Critical
CVE-2019-18413 was published for class-validator (npm) Oct 12, 2021
Insufficient user input in Apache Jetspeed-2 Critical
CVE-2022-32533 was published for org.apache.portals.jetspeed-2:jetspeed-commons (Maven) Jul 7, 2022
Dolibarr Cross-site Scripting vulnerability Critical
CVE-2021-25955 was published for dolibarr/dolibarr (Composer) Aug 30, 2021
Cross site scripting in FacturaScripts Critical
CVE-2022-1514 was published for facturascripts/facturascripts (Composer) Apr 29, 2022
Joplin is vulnerable to arbitrary code execution Critical
CVE-2022-35131 was published for joplin (npm) Jul 26, 2022
keycloak Self Stored Cross-site Scripting vulnerability Critical
CVE-2021-20195 was published for org.keycloak:keycloak-core (Maven) Jun 8, 2021
Valine code injection vulnerability Critical
CVE-2022-38545 was published for valine (npm) Sep 20, 2022
XSS via prototype pollution in NodeBB Critical
CVE-2021-43787 was published for nodebb (npm) Nov 30, 2021
paul-gerste-sonarsource
Cross site scripting vulnerability with discussion titles Critical
CVE-2022-41938 was published for flarum/core (Composer) Nov 21, 2022
dangzed
Cross-site Scripting (XSS) in Eclipse Theia Critical
CVE-2020-27224 was published for @theia/preview (npm) Apr 13, 2021
XSS Cross Site Scripting Critical
CVE-2021-29459 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Apr 22, 2021
XSS vulnerability with translator Critical
CVE-2021-32671 was published for flarum/core (Composer) Jun 7, 2021
davwheat
Unsafe defaults in `remark-html` Critical
CVE-2021-39199 was published for remark-html (npm) Sep 7, 2021
matthieusieben
Gogs vulnerable to Cross-site Scripting Critical
CVE-2022-32174 was published for gogs.io/gogs (Go) Oct 11, 2022
ProTip! Advisories are also available from the GraphQL API