Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

40 advisories

Loading
Twisted vulnerable to NameVirtualHost Host header injection Moderate
CVE-2022-39348 was published for twisted (pip) Oct 26, 2022
westonsteimel
Possible XSS attack in Wagtail Moderate
CVE-2020-11001 was published for wagtail (pip) Apr 14, 2020
Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS Moderate
CVE-2024-47765 was published for dev-lancer/minecraft-motd-parser (Composer) Oct 4, 2024
Krymonota jgniecki
Umbraco CMS vulnerable to stored Cross-site Scripting in the "dictionary name" on Dictionary section Moderate
CVE-2024-47819 was published for @umbraco-cms/backoffice (npm) Oct 22, 2024
DuongPhamm
starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field Moderate
CVE-2024-47536 was published for starcitizentools/citizen-skin (Composer) Sep 30, 2024
BlankEclair
Mautic vulnerable to cross-site scripting in notifications via saving Dashboards Moderate
CVE-2022-25774 was published for mautic/core (Composer) Apr 12, 2024
Vautia
Craft CMS vulnerable to stored XSS in breadcrumb list and title fields Moderate
CVE-2024-45406 was published for craftcms/cms (Composer) Sep 9, 2024
amame04
TCPDF Cross-site Scripting vulnerability Moderate
CVE-2024-32489 was published for tecnickcom/tcpdf (Composer) Apr 15, 2024
WooCommerce has a Cross-Site Scripting (XSS) Vulnerability in checkout & registration forms Moderate
CVE-2024-37297 was published for woocommerce/woocommerce (Composer) Jun 12, 2024
Cross-site Scripting in ZenUML Moderate
CVE-2024-38527 was published for @zenuml/core (npm) Jun 26, 2024
Yash-Singh1
TokenController formName not sanitized in hidden input Moderate
CVE-2024-37156 was published for sulu/form-bundle (Composer) Jun 6, 2024
picturestone rogamoore
teler-waf subject to Bypass of Common Web Attack Threat Rule with HTML Entities Payload Moderate
CVE-2023-26046 was published for github.com/kitabisa/teler-waf (Go) Mar 1, 2023
aidilarf
phpxmlrpc/extra XSS in class documenting_xmlrpc_server Moderate
GHSA-ww6p-q26w-fr6m was published for phpxmlrpc/extras (Composer) May 20, 2024
static-web-server vulnerable to stored Cross-site Scripting in directory listings via file names Moderate
CVE-2024-32966 was published for static-web-server (Rust) May 1, 2024
palant joseluisq
phpMyFAQ Stored HTML Injection at contentLink Moderate
CVE-2024-28108 was published for phpmyfaq/phpmyfaq (Composer) Mar 25, 2024
kevinnivekkevin
hexo-theme-anzhiyu Cross-site Scripting vulnerability Moderate
CVE-2024-25865 was published for hexo-theme-anzhiyu (npm) Mar 3, 2024
Jetty Javascript Inclusion Vulnerability Moderate
CVE-2002-1533 was published for org.mortbay.jetty:jetty (Maven) Apr 30, 2022
Apache Tomcat XSS Vulnerability Moderate
CVE-2006-7195 was published for org.apache.tomcat:tomcat (Maven) May 1, 2022
phpMyFAQ vulnerable to stored XSS on attachments filename Moderate
CVE-2024-24574 was published for phpmyfaq/phpmyfaq (Composer) Feb 5, 2024
nikkoenggaliano
HTML Injection in Keycloak Admin REST API Moderate
CVE-2022-1274 was published for org.keycloak:keycloak-services (Maven) Mar 1, 2023
go package pydio cells vulnerable to cross-site scripting Moderate
CVE-2023-2981 was published for github.com/pydio/cells (Go) May 30, 2023
Critters Cross-site Scripting Vulnerability Moderate
CVE-2023-3481 was published for critters (npm) Aug 11, 2023
Craft CMS stored XSS in review volume Moderate
CVE-2023-33196 was published for craftcms/cms (Composer) May 26, 2023
WhiteBearVN
Craft CMS stored XSS in indexedVolumes Moderate
CVE-2023-33197 was published for craftcms/cms (Composer) May 26, 2023
WhiteBearVN
matrix-react-sdk vulnerable to XSS in Export Chat feature Moderate
CVE-2023-37259 was published for matrix-react-sdk (npm) Jul 18, 2023
ProTip! Advisories are also available from the GraphQL API