GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,170
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
834
Swift
35
Unreviewed advisories
All unreviewed
5,000+
84 advisories
Filter by severity
LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name
High
CVE-2024-47524
was published
for
librenms/librenms
(Composer)
Oct 1, 2024
Mautic vulnerable to stored cross-site scripting in description field
High
CVE-2021-27915
was published
for
mautic/core
(Composer)
Apr 11, 2024
auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped
High
CVE-2024-45592
was published
for
damienharper/auditor-bundle
(Composer)
Sep 10, 2024
Persistent Cross-site Scripting in Ibexa RichText Field Type
High
CVE-2024-43369
was published
for
ibexa/fieldtype-richtext
(Composer)
Aug 14, 2024
Persistent Cross-site Scripting in eZ Platform Rich Text Field Type
High
CVE-2024-43372
was published
for
ezsystems/ezplatform-richtext
(Composer)
Aug 14, 2024
BookStack Incorrect Access Control vulnerability
High
CVE-2024-36676
was published
for
ssddanbrown/bookstack
(Composer)
Jul 10, 2024
TYPO3 Arbitrary Code Execution and Cross-Site Scripting in Backend API
High
GHSA-x428-565f-8xj2
was published
for
typo3/cms-core
(Composer)
May 30, 2024
Passbolt API Stored XSS on first/last name during setup
High
GHSA-2f46-4xjm-73x5
was published
for
passbolt/passbolt_api
(Composer)
May 20, 2024
Cross-site Scripting vulnerabilities in Neos
High
GHSA-6cj3-rc4p-f38f
was published
for
neos/neos
(Composer)
May 17, 2024
eZ Platform Admin UI Cross-site Scripting vulnerability
High
GHSA-q73v-79x3-jv2w
was published
for
ezsystems/ezplatform-admin-ui
(Composer)
May 15, 2024
Cross-site Scripting in eZFind spellcheck
High
GHSA-9cq2-pcgr-8h62
was published
for
ezsystems/ezfind-ls
(Composer)
May 15, 2024
Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS
High
GHSA-jq9q-6p42-qpr7
was published
for
ezsystems/ezdemo-ls-extension
(Composer)
May 15, 2024
Yii Framework reflected Cross-site Scripting
High
CVE-2018-6010
was published
for
yiisoft/yii2
(Composer)
May 13, 2022
Moodle Stored Cross-site Scripting and page denial of service
High
CVE-2022-40313
was published
for
moodle/moodle
(Composer)
Oct 1, 2022
LibreNMS uses Improper Sanitization on Service template name leads to Stored XSS
High
CVE-2024-32479
was published
for
librenms/librenms
(Composer)
Apr 22, 2024
Cross site scripting via canonical tag in Contao
High
CVE-2022-24899
was published
for
contao/contao
(Composer)
May 20, 2022
Dolibarr Application Home Page has HTML injection vulnerability
High
CVE-2024-23817
was published
for
dolibarr/dolibarr
(Composer)
Apr 18, 2024
October CMS Cross-site Scripting vulnerability
High
CVE-2023-25365
was published
for
october/october
(Composer)
Feb 9, 2024
Statmic CMS vulnerable to account takeover via XSS and password reset link
High
CVE-2024-24570
was published
for
statamic/cms
(Composer)
Feb 1, 2024
Cross-Site Scripting through Fluid view helper arguments
High
CVE-2020-26216
was published
for
typo3fluid/fluid
(Composer)
Nov 18, 2020
Stored XSS vulnerability on Bounce Management Callback
High
CVE-2021-27910
was published
for
mautic/core
(Composer)
Sep 1, 2021
XSS vulnerability on contacts view
High
CVE-2021-27911
was published
for
mautic/core
(Composer)
Sep 1, 2021
XSS vulnerability on asset view
High
CVE-2021-27912
was published
for
mautic/core
(Composer)
Sep 1, 2021
smarty Cross-site Scripting vulnerability in Javascript escaping
High
CVE-2023-28447
was published
for
smarty/smarty
(Composer)
Mar 29, 2023
ProTip!
Advisories are also available from the
GraphQL API