GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,035
Maven
5,000+
npm
3,732
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
26,725 advisories
Filter by severity
SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS.
Moderate
Unreviewed
CVE-2021-43977
was published
Nov 17, 2021
Authenticated Persistent Cross-Site Scripting (XSS) vulnerability discovered in WordPress Backup...
Moderate
Unreviewed
CVE-2021-36884
was published
Nov 20, 2021
The Preview E-Mails for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site...
Moderate
Unreviewed
CVE-2021-42363
was published
Nov 20, 2021
The "WPO365 | LOGIN" WordPress plugin (up to and including version 15.3) by wpo365.com is...
Moderate
Unreviewed
CVE-2021-43409
was published
Nov 20, 2021
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector...
Moderate
Unreviewed
CVE-2021-40131
was published
Nov 20, 2021
OX App Suite 7.10.5 allows XSS via an OX Chat system message.
Moderate
Unreviewed
CVE-2021-33495
was published
Nov 23, 2021
OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG element in a truncated e...
Moderate
Unreviewed
CVE-2021-38375
was published
Nov 23, 2021
OX App Suite through 7.10.5 allows XSS via JavaScript code in an anchor HTML comment within...
Moderate
Unreviewed
CVE-2021-38377
was published
Nov 23, 2021
OX App Suite through 7.10.5 allows XSS via JavaScript code in a shared XCF file.
Moderate
Unreviewed
CVE-2021-33489
was published
Nov 23, 2021
OX App Suite 7.10.5 allows XSS via an OX Chat room title during typing rendering.
Moderate
Unreviewed
CVE-2021-33494
was published
Nov 23, 2021
OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shared mail signature.
Moderate
Unreviewed
CVE-2021-33490
was published
Nov 23, 2021
Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a...
Moderate
Unreviewed
CVE-2021-37999
was published
Nov 24, 2021
The eCommerce Product Catalog Plugin for WordPress plugin before 3.0.39 does not escape the ic...
Moderate
Unreviewed
CVE-2021-24875
was published
Nov 24, 2021
A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a...
Moderate
Unreviewed
CVE-2021-31852
was published
Nov 24, 2021
The Logo Showcase with Slick Slider WordPress plugin before 1.2.4 does not sanitise the Grid...
Moderate
Unreviewed
CVE-2021-24729
was published
Nov 24, 2021
The BetterLinks WordPress plugin before 1.2.6 does not sanitise and escape some of imported link...
Moderate
Unreviewed
CVE-2021-24812
was published
Nov 24, 2021
The Advanced Access Manager WordPress plugin before 6.8.0 does not escape some of its settings...
Moderate
Unreviewed
CVE-2021-24830
was published
Nov 24, 2021
Cross-site scripting vulnerability in Booking Package - Appointment Booking Calendar System...
Moderate
Unreviewed
CVE-2021-20840
was published
Nov 25, 2021
Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities in WordPress Awesome...
Moderate
Unreviewed
CVE-2021-36919
was published
Nov 27, 2021
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Floating...
Moderate
Unreviewed
CVE-2021-36843
was published
Nov 27, 2021
Cross-site scripting (XSS) was possible in notification pop-ups. The following products are...
Moderate
Unreviewed
CVE-2021-44201
was published
Nov 30, 2021
Stored cross-site scripting (XSS) was possible in activity details. The following products are...
Moderate
Unreviewed
CVE-2021-44202
was published
Nov 30, 2021
Stored cross-site scripting (XSS) was possible in protection plan details. The following products...
Moderate
Unreviewed
CVE-2021-44203
was published
Nov 30, 2021
Self cross-site scripting (XSS) was possible on devices page. The following products are affected...
Moderate
Unreviewed
CVE-2021-44200
was published
Nov 30, 2021
ProTip!
Advisories are also available from the
GraphQL API