Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,643
NuGet
638
pip
3,259
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

83 advisories

Loading
auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped High
CVE-2024-45592 was published for damienharper/auditor-bundle (Composer) Sep 10, 2024
fkropfhamer
Persistent Cross-site Scripting in eZ Platform Rich Text Field Type High
CVE-2024-43372 was published for ezsystems/ezplatform-richtext (Composer) Aug 14, 2024
4rdr
Persistent Cross-site Scripting in Ibexa RichText Field Type High
CVE-2024-43369 was published for ibexa/fieldtype-richtext (Composer) Aug 14, 2024
4rdr
BookStack Incorrect Access Control vulnerability High
CVE-2024-36676 was published for ssddanbrown/bookstack (Composer) Jul 10, 2024
TYPO3 Arbitrary Code Execution and Cross-Site Scripting in Backend API High
GHSA-x428-565f-8xj2 was published for typo3/cms-core (Composer) May 30, 2024
Passbolt API Stored XSS on first/last name during setup High
GHSA-2f46-4xjm-73x5 was published for passbolt/passbolt_api (Composer) May 20, 2024
Cross-site Scripting vulnerabilities in Neos High
GHSA-6cj3-rc4p-f38f was published for neos/neos (Composer) May 17, 2024
eZ Platform Admin UI Cross-site Scripting vulnerability High
GHSA-q73v-79x3-jv2w was published for ezsystems/ezplatform-admin-ui (Composer) May 15, 2024
Cross-site Scripting in eZFind spellcheck High
GHSA-9cq2-pcgr-8h62 was published for ezsystems/ezfind-ls (Composer) May 15, 2024
Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS High
GHSA-jq9q-6p42-qpr7 was published for ezsystems/ezdemo-ls-extension (Composer) May 15, 2024
LibreNMS uses Improper Sanitization on Service template name leads to Stored XSS High
CVE-2024-32479 was published for librenms/librenms (Composer) Apr 22, 2024
rook1337
Dolibarr Application Home Page has HTML injection vulnerability High
CVE-2024-23817 was published for dolibarr/dolibarr (Composer) Apr 18, 2024
saimanikanta1992
Mautic vulnerable to stored cross-site scripting in description field High
CVE-2021-27915 was published for mautic/core (Composer) Apr 11, 2024
October CMS Cross-site Scripting vulnerability High
CVE-2023-25365 was published for october/october (Composer) Feb 9, 2024
Statmic CMS vulnerable to account takeover via XSS and password reset link High
CVE-2024-24570 was published for statamic/cms (Composer) Feb 1, 2024
sec-consult
PrestaShop some attribute not escaped in Validate::isCleanHTML method High
CVE-2024-21627 was published for prestashop/prestashop (Composer) Jan 3, 2024
Antonio-R1 antoniospataro
matthieu-rolland AureRita boherm matks
Magento LTS vulnerable to Stored XSS via TinyMCE WYSIWYG Editor High
GHSA-9j5w-2cqc-cwj9 was published for openmage/magento-lts (Composer) Dec 8, 2023
halitAKAYDIN
Cross-site Scripting via uploaded assets High
CVE-2023-48701 was published for statamic/cms (Composer) Nov 22, 2023
Cyber-Wo0dy
phpMyFAQ Cross-site Scripting vulnerability High
CVE-2023-5864 was published for thorsten/phpmyfaq (Composer) Oct 31, 2023
phpMyFAQ Cross-site Scripting vulnerability High
CVE-2023-5319 was published for thorsten/phpmyfaq (Composer) Sep 30, 2023
Cross site scripting in librenms High
CVE-2023-5060 was published for librenms/librenms (Composer) Sep 19, 2023
Cockpit Cross-site Scripting vulnerability High
CVE-2023-4433 was published for cockpit-hq/cockpit (Composer) Aug 19, 2023
Cockpit Cross-site Scripting vulnerability High
CVE-2023-4432 was published for cockpit-hq/cockpit (Composer) Aug 19, 2023
Cockpit Cross-site Scripting vulnerability High
CVE-2023-4395 was published for cockpit-hq/cockpit (Composer) Aug 17, 2023
LibreNMS Cross-site Scripting vulnerability High
CVE-2023-4347 was published for librenms/librenms (Composer) Aug 15, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database