Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+

84 advisories

Loading
XSS in enshrined/svg-sanitize due to mishandled script and data values in attributes High
CVE-2019-18857 was published for enshrined/svg-sanitize (Composer) Jan 8, 2020
ohader
Cross-site scripting in eZ Platform Kernel High
GHSA-mrvj-7q4f-5p42 was published for ezsystems/ezplatform-kernel (Composer) Mar 19, 2021
Inline attribute values were not processed. High
CVE-2020-15263 was published for orchid/platform (Composer) Oct 19, 2020
Potential XSS injection In PrestaShop contactform High
CVE-2020-15178 was published for prestashop/contactform (Composer) Sep 15, 2020
Cross-site scripting from content entered in the tags and multiselect fields High
GHSA-rv3r-vqjj-8c76 was published for getkirby/cms (Composer) Aug 30, 2022
Cross-site Scripting in microweber High
CVE-2022-0930 was published for microweber/microweber (Composer) Mar 13, 2022
Stored Cross-site Scripting in grav High
CVE-2022-0970 was published for getgrav/grav (Composer) Mar 16, 2022
Cross-site Scripting in TastyIgniter High
CVE-2022-0602 was published for tastyigniter/tastyigniter (Composer) Apr 6, 2022
Persistent Cross-site Scripting vulnerability in PrivateBin High
CVE-2022-24833 was published for privatebin/privatebin (Composer) Apr 12, 2022
Possible cross-site scripting attack via unsanitized SVG files in FoF Upload High
CVE-2022-30999 was published for fof/upload (Composer) May 25, 2022
Caesar302
The filename of uploaded files vulnerable to stored XSS High
CVE-2020-4041 was published for bolt/bolt (Composer) Jun 9, 2020
staz0t
Cross-site scripting (XSS) from unsanitized uploaded SVG files in Kirby High
CVE-2021-29460 was published for getkirby/cms (Composer) Apr 30, 2021
sreenathr10
XSS in doc_link High
CVE-2021-29625 was published for vrana/adminer (Composer) Mar 18, 2022
stypr
Improper Neutralization of Text-Values in Object Version Preview High
CVE-2021-39166 was published for pimcore/pimcore (Composer) Sep 1, 2021
Improper Encoding or Escaping of Output in Asset Metadata Component High
CVE-2021-39170 was published for pimcore/pimcore (Composer) Sep 1, 2021
Cross-Site Scripting via SVG media files High
CVE-2021-37710 was published for shopware/core (Composer) Aug 23, 2021
Cross-site Scripting in snipe/snipe-it High
CVE-2021-3961 was published for snipe/snipe-it (Composer) Nov 23, 2021
Cross-site scripting vulnerability in file upload High
CVE-2021-39136 was published for baserproject/basercms (Composer) Aug 30, 2021
kimai2 is vulnerable to Cross-site Scripting High
CVE-2021-3985 was published for kevinpapst/kimai2 (Composer) Dec 3, 2021
Cross-site Scripting in librenms/librenms High
CVE-2022-4068 was published for librenms/librenms (Composer) Nov 20, 2022
phpMyFAQ vulnerable to Cross-site Scripting High
CVE-2022-3608 was published for phpmyfaq/phpmyfaq (Composer) Oct 19, 2022
Sandbox bypass in Latte templates High
CVE-2022-21648 was published for latte/latte (Composer) Jan 6, 2022
Cross-site Scripting in HTML2PDF High
CVE-2021-45394 was published for spipu/html2pdf (Composer) Jan 21, 2022
Cross-site Scripting in Microweber High
CVE-2022-0719 was published for microweber/microweber (Composer) Feb 24, 2022
Cross-site Scripting in microweber High
CVE-2022-0690 was published for microweber/microweber (Composer) Feb 20, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database