GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,461 advisories
Filter by severity
Microweber Cross Site Scripting (XSS) vulnerability
Moderate
CVE-2024-41380
was published
for
microweber/microweber
(Composer)
Aug 5, 2024
Microweber Cross Site Scripting (XSS) vulnerability
Moderate
CVE-2024-41381
was published
for
microweber/microweber
(Composer)
Aug 5, 2024
Concrete CMS vulnerable to Stored Cross-site Scripting
Low
CVE-2024-4353
was published
for
concrete5/concrete5
(Composer)
Aug 1, 2024
eZ Platform Admin UI vulnerable to DOM-based Cross-site Scripting in file upload widget
Moderate
GHSA-gc5h-6jx9-q2qh
was published
for
ezsystems/ezplatform-admin-ui
(Composer)
Jul 31, 2024
Ibexa Admin UI vulnerable to DOM-based Cross-site Scripting in file upload widget
Moderate
CVE-2024-39318
was published
for
ibexa/admin-ui
(Composer)
Jul 31, 2024
Bolt CMS Cross-site Scripting vulnerability
Moderate
CVE-2024-7300
was published
for
bolt/bolt
(Composer)
Jul 31, 2024
Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs
Moderate
CVE-2024-41676
was published
for
openmage/magento-lts
(Composer)
Jul 29, 2024
ICEcoder vulnerable to Cross Site Scripting
High
CVE-2024-41374
was published
for
icecoder/icecoder
(Composer)
Jul 26, 2024
ICEcoder vulnerable to Cross Site Scripting
High
CVE-2024-41375
was published
for
icecoder/icecoder
(Composer)
Jul 26, 2024
Reflected Cross Site-Scripting (XSS) in Oveleon Cookiebar
Moderate
CVE-2024-47069
was published
for
oveleon/contao-cookiebar
(Composer)
Jul 26, 2024
Backdrop CMS does not sufficiently sanitize field labels before they are displayed in certain places
Moderate
CVE-2024-41709
was published
for
backdrop/backdrop
(Composer)
Jul 22, 2024
Silverstripe uses TinyMCE which allows svg files linked in object tags
Moderate
GHSA-52cw-pvq9-9m5v
was published
for
silverstripe/framework
(Composer)
Jul 17, 2024
Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payload
Moderate
CVE-2024-32981
was published
for
silverstripe/framework
(Composer)
Jul 17, 2024
Login by Auth0 plugin for WordPress vulnerable to Reflected Cross-Site Scripting
Moderate
CVE-2023-6813
was published
for
auth0/wordpress
(Composer)
Jul 11, 2024
Bootstrap Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-6484
was published
for
bootstrap
(RubyGems)
Jul 11, 2024
Bootstrap Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-6531
was published
for
bootstrap
(RubyGems)
Jul 11, 2024
BookStack Incorrect Access Control vulnerability
High
CVE-2024-36676
was published
for
ssddanbrown/bookstack
(Composer)
Jul 10, 2024
October System module has a Reflected XSS via X-October-Request-Handler Header
Low
CVE-2024-25637
was published
for
october/system
(Composer)
Jun 26, 2024
Cross site scripting in opencart
Moderate
CVE-2024-21517
was published
for
opencart/opencart
(Composer)
Jun 22, 2024
Cross site scripting in opencart
Moderate
CVE-2024-21515
was published
for
opencart/opencart
(Composer)
Jun 22, 2024
Cross site scripting in opencart
Moderate
CVE-2024-21516
was published
for
opencart/opencart
(Composer)
Jun 22, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
Moderate
CVE-2024-38356
was published
for
TinyMCE
(Composer)
Jun 19, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements
Moderate
CVE-2024-38357
was published
for
TinyMCE
(Composer)
Jun 19, 2024
Moodle stored XSS via calendar's event title when deleting the event
Moderate
CVE-2024-38274
was published
for
moodle/moodle
(Composer)
Jun 18, 2024
Magento Open Source Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-34105
was published
for
magento/community-edition
(Composer)
Jun 13, 2024
ProTip!
Advisories are also available from the
GraphQL API