GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+
87 advisories
Filter by severity
Funadmin Cross-site Scripting vulnerability
Low
CVE-2024-48228
was published
for
funadmin/funadmin
(Composer)
Oct 26, 2024
Admidio Vulnerable to HTML Injection In The Messages Section
Low
CVE-2024-47836
was published
for
admidio/admidio
(Composer)
Oct 16, 2024
Contao allows admin an account to upload SVG file containing malicious JavaScript
Low
CVE-2024-45965
was published
for
contao/contao
(Composer)
Oct 2, 2024
Zenario allows authenticated admin users to upload PDF files containing malicious code
Low
CVE-2024-45960
was published
for
tribalsystems/zenario
(Composer)
Oct 2, 2024
October allows an admin account to upload PDF containing malicious JavaScript
Low
CVE-2024-45962
was published
for
october/october
(Composer)
Oct 2, 2024
Zenario Cross Site Scripting in the Image library
Low
CVE-2024-45964
was published
for
tribalsystems/zenario
(Composer)
Oct 2, 2024
LibreNMS vulnerable to Stored Cross-site Scripting via File Upload
Low
CVE-2024-47528
was published
for
librenms/librenms
(Composer)
Oct 1, 2024
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Templates" feature
Low
CVE-2024-47526
was published
for
librenms/librenms
(Composer)
Oct 1, 2024
Cross site scripting in Concrete CMS
Low
CVE-2024-7398
was published
for
concrete5/concrete5
(Composer)
Sep 25, 2024
Cross site scripting in Concrete CMS
Low
CVE-2024-8291
was published
for
concrete5/concrete5
(Composer)
Sep 25, 2024
Concrete CMS vulnerable to Stored Cross-site Scripting
Low
CVE-2024-7512
was published
for
concrete5/concrete5
(Composer)
Aug 12, 2024
Concrete CMS Stored Cross-site Scripting vulnerability
Low
CVE-2024-4350
was published
for
concrete5/concrete5
(Composer)
Aug 12, 2024
Concrete CMS Stored XSS in getAttributeSetName
Low
CVE-2024-7394
was published
for
concrete5/concrete5
(Composer)
Aug 8, 2024
October System module has a Reflected XSS via X-October-Request-Handler Header
Low
CVE-2024-25637
was published
for
october/system
(Composer)
Jun 26, 2024
Silverstripe admin XSS Vulnerability via WYSIWYG editor
Low
GHSA-779c-7w4p-2c4g
was published
for
silverstripe/admin
(Composer)
May 22, 2024
TYPO3 vulnerable to an HTML Injection in the History Module
Low
CVE-2024-34355
was published
for
typo3/cms-core
(Composer)
May 14, 2024
Concrete CMS Stored XSS in blocks of type file
Low
CVE-2024-3180
was published
for
concrete5/concrete5
(Composer)
Apr 3, 2024
Concrete CMS Cross-site Scripting (XSS) in the Advanced File Search Filter
Low
CVE-2024-3178
was published
for
concrete5/concrete5
(Composer)
Apr 3, 2024
Concrete CMS Stored XSS in the Search Field
Low
CVE-2024-3181
was published
for
concrete5/concrete5
(Composer)
Apr 3, 2024
Concrete CMS Stored XSS in the Custom Class page editing
Low
CVE-2024-3179
was published
for
concrete5/concrete5
(Composer)
Apr 3, 2024
Concrete CMS Stored XSS on the calendar color settings screen
Low
CVE-2024-2753
was published
for
concrete5/concrete5
(Composer)
Apr 3, 2024
RosarioSIS cross site scripting vulnerability
Low
CVE-2024-3138
was published
for
francoisjacquet/rosariosis
(Composer)
Apr 2, 2024
Concrete CMS Stored Cross-site Scripting vulnerability
Low
CVE-2024-2179
was published
for
concrete5/concrete5
(Composer)
Mar 5, 2024
Concrete CMS vulnerable to stored XSS via the Role Name field
Low
CVE-2024-1247
was published
for
concrete5/concrete5
(Composer)
Feb 9, 2024
Concrete CMS vulnerable to stored XSS in file tags and description attributes
Low
CVE-2024-1245
was published
for
concrete5/concrete5
(Composer)
Feb 9, 2024
ProTip!
Advisories are also available from the
GraphQL API