GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
84 advisories
Filter by severity
LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name
High
CVE-2024-47524
was published
for
librenms/librenms
(Composer)
Oct 1, 2024
auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped
High
CVE-2024-45592
was published
for
damienharper/auditor-bundle
(Composer)
Sep 10, 2024
Persistent Cross-site Scripting in eZ Platform Rich Text Field Type
High
CVE-2024-43372
was published
for
ezsystems/ezplatform-richtext
(Composer)
Aug 14, 2024
Persistent Cross-site Scripting in Ibexa RichText Field Type
High
CVE-2024-43369
was published
for
ibexa/fieldtype-richtext
(Composer)
Aug 14, 2024
BookStack Incorrect Access Control vulnerability
High
CVE-2024-36676
was published
for
ssddanbrown/bookstack
(Composer)
Jul 10, 2024
TYPO3 Arbitrary Code Execution and Cross-Site Scripting in Backend API
High
GHSA-x428-565f-8xj2
was published
for
typo3/cms-core
(Composer)
May 30, 2024
Passbolt API Stored XSS on first/last name during setup
High
GHSA-2f46-4xjm-73x5
was published
for
passbolt/passbolt_api
(Composer)
May 20, 2024
Cross-site Scripting vulnerabilities in Neos
High
GHSA-6cj3-rc4p-f38f
was published
for
neos/neos
(Composer)
May 17, 2024
eZ Platform Admin UI Cross-site Scripting vulnerability
High
GHSA-q73v-79x3-jv2w
was published
for
ezsystems/ezplatform-admin-ui
(Composer)
May 15, 2024
Cross-site Scripting in eZFind spellcheck
High
GHSA-9cq2-pcgr-8h62
was published
for
ezsystems/ezfind-ls
(Composer)
May 15, 2024
Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS
High
GHSA-jq9q-6p42-qpr7
was published
for
ezsystems/ezdemo-ls-extension
(Composer)
May 15, 2024
LibreNMS uses Improper Sanitization on Service template name leads to Stored XSS
High
CVE-2024-32479
was published
for
librenms/librenms
(Composer)
Apr 22, 2024
Dolibarr Application Home Page has HTML injection vulnerability
High
CVE-2024-23817
was published
for
dolibarr/dolibarr
(Composer)
Apr 18, 2024
Mautic vulnerable to stored cross-site scripting in description field
High
CVE-2021-27915
was published
for
mautic/core
(Composer)
Apr 11, 2024
October CMS Cross-site Scripting vulnerability
High
CVE-2023-25365
was published
for
october/october
(Composer)
Feb 9, 2024
Statmic CMS vulnerable to account takeover via XSS and password reset link
High
CVE-2024-24570
was published
for
statamic/cms
(Composer)
Feb 1, 2024
PrestaShop some attribute not escaped in Validate::isCleanHTML method
High
CVE-2024-21627
was published
for
prestashop/prestashop
(Composer)
Jan 3, 2024
Magento LTS vulnerable to Stored XSS via TinyMCE WYSIWYG Editor
High
GHSA-9j5w-2cqc-cwj9
was published
for
openmage/magento-lts
(Composer)
Dec 8, 2023
Cross-site Scripting via uploaded assets
High
CVE-2023-48701
was published
for
statamic/cms
(Composer)
Nov 22, 2023
phpMyFAQ Cross-site Scripting vulnerability
High
CVE-2023-5864
was published
for
thorsten/phpmyfaq
(Composer)
Oct 31, 2023
phpMyFAQ Cross-site Scripting vulnerability
High
CVE-2023-5319
was published
for
thorsten/phpmyfaq
(Composer)
Sep 30, 2023
Cross site scripting in librenms
High
CVE-2023-5060
was published
for
librenms/librenms
(Composer)
Sep 19, 2023
Cockpit Cross-site Scripting vulnerability
High
CVE-2023-4432
was published
for
cockpit-hq/cockpit
(Composer)
Aug 19, 2023
Cockpit Cross-site Scripting vulnerability
High
CVE-2023-4433
was published
for
cockpit-hq/cockpit
(Composer)
Aug 19, 2023
Cockpit Cross-site Scripting vulnerability
High
CVE-2023-4395
was published
for
cockpit-hq/cockpit
(Composer)
Aug 17, 2023
ProTip!
Advisories are also available from the
GraphQL API