Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

27 advisories

Loading
Invalid HTTP method overrides allow possible XSS or other attacks in Symfony Critical
CVE-2019-10913 was published for symfony/http-foundation (Composer) Dec 2, 2019
XSS vulnerability leveraged through referrers could allow un-authorized admin access in Mautic Critical
CVE-2020-35124 was published for mautic/core (Composer) Jan 19, 2021
nvn1729
XSS vulnerability with translator Critical
CVE-2021-32671 was published for flarum/core (Composer) Jun 7, 2021
davwheat
Dolibarr Cross-site Scripting vulnerability Critical
CVE-2021-25955 was published for dolibarr/dolibarr (Composer) Aug 30, 2021
Cross-site Scripting in showdoc/showdoc Critical
CVE-2022-0960 was published for showdoc/showdoc (Composer) Mar 15, 2022
Remote code injection in dompdf/dompdf Critical
CVE-2022-28368 was published for dompdf/dompdf (Composer) Apr 4, 2022
Cross site scripting in facturascripts Critical
CVE-2022-1457 was published for neorazorx/facturascripts (Composer) Apr 26, 2022
Cross site scripting in FacturaScripts Critical
CVE-2022-1514 was published for facturascripts/facturascripts (Composer) Apr 29, 2022
Dolibarr Cross-site Scripting via the qty parameter in product/fournisseurs.php Critical
CVE-2019-19212 was published for dolibarr/dolibarr (Composer) May 24, 2022
Magento DOM-based Cross-site scripting vulnerability Critical
CVE-2020-9691 was published for magento/community-edition (Composer) May 24, 2022
Mautic stored Cross-site Scripting (XSS) Critical
CVE-2020-35128 was published for mautic/core (Composer) May 24, 2022
Mautic stored Cross-site Scripting (XSS) Critical
CVE-2020-35129 was published for mautic/core (Composer) May 24, 2022
Cross-site Scripting vulnerability in Mautic's tracking pixel functionality Critical
CVE-2022-25772 was published for mautic/core (Composer) May 25, 2022
mollux
ezplatform-admin-ui vulnerable to Cross-Site Scripting (XSS) Critical
GHSA-58h5-h554-429q was published for ezsystems/ezplatform-admin-ui (Composer) Nov 10, 2022
Cross site scripting vulnerability with discussion titles Critical
CVE-2022-41938 was published for flarum/core (Composer) Nov 21, 2022
dangzed
PyroCMS vulnerable to stored Cross Site Scripting Critical
CVE-2022-37721 was published for pyrocms/pyrocms (Composer) Nov 25, 2022
AVideo contains Command injection when embedding a video link Critical
CVE-2023-25313 was published for wwbn/avideo (Composer) Feb 2, 2023
gonzxph
tinymighty WikiSEO is vulnerable to cross-site scripting via modifyHTML function Critical
CVE-2015-10073 was published for tinymighty/wiki-seo (Composer) Feb 6, 2023
Cross-site Scripting in kimai/kimai Critical
CVE-2020-19825 was published for kimai/kimai (Composer) Feb 16, 2023
Duplicate Advisory: AVideo contains Command injection when embedding a video link Critical
GHSA-wj6r-53f5-q789 was published for wwbn/avideo (Composer) Apr 25, 2023 withdrawn
TeamPass vulnerable to stored Cross-site Scripting Critical
CVE-2023-3086 was published for nilsteampassnet/teampass (Composer) Jun 3, 2023
Cross Site Scripting vulnerability in Dolibarr ERP CRM Critical
CVE-2023-38888 was published for dolibarr/dolibarr (Composer) Sep 20, 2023
phpMyFAQ Cross-site Scripting vulnerability Critical
CVE-2023-5320 was published for thorsten/phpmyfaq (Composer) Sep 30, 2023
phpMyFAQ Cross-site Scripting vulnerability Critical
CVE-2023-5316 was published for thorsten/phpmyfaq (Composer) Sep 30, 2023
Blind XSS Leading to Froxlor Application Compromise Critical
CVE-2024-34070 was published for froxlor/froxlor (Composer) May 10, 2024
UmerAdeemCheema
ProTip! Advisories are also available from the GraphQL API