Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

84 advisories

Loading
LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name High
CVE-2024-47524 was published for librenms/librenms (Composer) Oct 1, 2024
minhnq1618
auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped High
CVE-2024-45592 was published for damienharper/auditor-bundle (Composer) Sep 10, 2024
fkropfhamer
Persistent Cross-site Scripting in eZ Platform Rich Text Field Type High
CVE-2024-43372 was published for ezsystems/ezplatform-richtext (Composer) Aug 14, 2024
4rdr
Persistent Cross-site Scripting in Ibexa RichText Field Type High
CVE-2024-43369 was published for ibexa/fieldtype-richtext (Composer) Aug 14, 2024
4rdr
BookStack Incorrect Access Control vulnerability High
CVE-2024-36676 was published for ssddanbrown/bookstack (Composer) Jul 10, 2024
TYPO3 Arbitrary Code Execution and Cross-Site Scripting in Backend API High
GHSA-x428-565f-8xj2 was published for typo3/cms-core (Composer) May 30, 2024
Passbolt API Stored XSS on first/last name during setup High
GHSA-2f46-4xjm-73x5 was published for passbolt/passbolt_api (Composer) May 20, 2024
Cross-site Scripting vulnerabilities in Neos High
GHSA-6cj3-rc4p-f38f was published for neos/neos (Composer) May 17, 2024
eZ Platform Admin UI Cross-site Scripting vulnerability High
GHSA-q73v-79x3-jv2w was published for ezsystems/ezplatform-admin-ui (Composer) May 15, 2024
Cross-site Scripting in eZFind spellcheck High
GHSA-9cq2-pcgr-8h62 was published for ezsystems/ezfind-ls (Composer) May 15, 2024
Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS High
GHSA-jq9q-6p42-qpr7 was published for ezsystems/ezdemo-ls-extension (Composer) May 15, 2024
LibreNMS uses Improper Sanitization on Service template name leads to Stored XSS High
CVE-2024-32479 was published for librenms/librenms (Composer) Apr 22, 2024
rook1337
Dolibarr Application Home Page has HTML injection vulnerability High
CVE-2024-23817 was published for dolibarr/dolibarr (Composer) Apr 18, 2024
saimanikanta1992
Mautic vulnerable to stored cross-site scripting in description field High
CVE-2021-27915 was published for mautic/core (Composer) Apr 11, 2024
October CMS Cross-site Scripting vulnerability High
CVE-2023-25365 was published for october/october (Composer) Feb 9, 2024
Statmic CMS vulnerable to account takeover via XSS and password reset link High
CVE-2024-24570 was published for statamic/cms (Composer) Feb 1, 2024
sec-consult
PrestaShop some attribute not escaped in Validate::isCleanHTML method High
CVE-2024-21627 was published for prestashop/prestashop (Composer) Jan 3, 2024
Antonio-R1 antoniospataro
matthieu-rolland AureRita boherm matks
Magento LTS vulnerable to Stored XSS via TinyMCE WYSIWYG Editor High
GHSA-9j5w-2cqc-cwj9 was published for openmage/magento-lts (Composer) Dec 8, 2023
halitAKAYDIN
Cross-site Scripting via uploaded assets High
CVE-2023-48701 was published for statamic/cms (Composer) Nov 22, 2023
Cyber-Wo0dy
phpMyFAQ Cross-site Scripting vulnerability High
CVE-2023-5864 was published for thorsten/phpmyfaq (Composer) Oct 31, 2023
phpMyFAQ Cross-site Scripting vulnerability High
CVE-2023-5319 was published for thorsten/phpmyfaq (Composer) Sep 30, 2023
Cross site scripting in librenms High
CVE-2023-5060 was published for librenms/librenms (Composer) Sep 19, 2023
Cockpit Cross-site Scripting vulnerability High
CVE-2023-4432 was published for cockpit-hq/cockpit (Composer) Aug 19, 2023
Cockpit Cross-site Scripting vulnerability High
CVE-2023-4433 was published for cockpit-hq/cockpit (Composer) Aug 19, 2023
Cockpit Cross-site Scripting vulnerability High
CVE-2023-4395 was published for cockpit-hq/cockpit (Composer) Aug 17, 2023
ProTip! Advisories are also available from the GraphQL API