GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
14 advisories
Cross-site scripting (XSS) from image block content in the site frontend
Moderate | CVE-2021-41258 was published for getkirby/cms (Composer) | Nov 16, 2021

Improper sanitize of SVG files during content upload ('Cross-site Scripting') in sylius/sylius
Moderate | CVE-2022-24749 was published for Sylius/Sylius (Composer) | Mar 14, 2022

Craft CMS stored XSS in review volume
Moderate | CVE-2023-33196 was published for craftcms/cms (Composer) | May 26, 2023

Craft CMS stored XSS in indexedVolumes
Moderate | CVE-2023-33197 was published for craftcms/cms (Composer) | May 26, 2023

phpMyFAQ vulnerable to stored XSS on attachments filename
Moderate | CVE-2024-24574 was published for phpmyfaq/phpmyfaq (Composer) | Feb 5, 2024

phpMyFAQ Stored HTML Injection at contentLink
Moderate | CVE-2024-28108 was published for phpmyfaq/phpmyfaq (Composer) | Mar 25, 2024

Mautic vulnerable to cross-site scripting in notifications via saving Dashboards
Moderate | CVE-2022-25774 was published for mautic/core (Composer) | Apr 12, 2024

TCPDF Cross-site Scripting vulnerability
Moderate | CVE-2024-32489 was published for tecnickcom/tcpdf (Composer) | Apr 15, 2024

phpxmlrpc/extra XSS in class documenting_xmlrpc_server
Moderate | GHSA-ww6p-q26w-fr6m was published for phpxmlrpc/extras (Composer) | May 20, 2024

TokenController formName not sanitized in hidden input
Moderate | CVE-2024-37156 was published for sulu/form-bundle (Composer) | Jun 6, 2024

WooCommerce has a Cross-Site Scripting (XSS) Vulnerability in checkout & registration forms
Moderate | CVE-2024-37297 was published for woocommerce/woocommerce (Composer) | Jun 12, 2024

Craft CMS vulnerable to stored XSS in breadcrumb list and title fields
Moderate | CVE-2024-45406 was published for craftcms/cms (Composer) | Sep 9, 2024

starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field
Moderate | CVE-2024-47536 was published for starcitizentools/citizen-skin (Composer) | Sep 30, 2024

Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS
Moderate | CVE-2024-47765 was published for dev-lancer/minecraft-motd-parser (Composer) | Oct 4, 2024
ProTip! Advisories are also available from the GraphQL API.