GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,963
Erlang: 39
GitHub Actions: 38
Go: 2,614
Maven: 5,000+
npm: 4,254
NuGet: 760
pip: 4,031
Pub: 12
RubyGems: 953
Rust: 1,049
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+

1,414 advisories

Persistent XSS vulnerability in filename of attached file in PrivateBin
Moderate | CVE-2020-5223 was published for privatebin/privatebin (Composer) | Jan 14, 2020

Cross-Site Scripting in BookStack
Moderate | CVE-2020-11055 was published for ssddanbrown/bookstack (Composer) | May 7, 2020

Cross-site scripting in PHPMailer
Moderate | CVE-2017-11503 was published for phpmailer/phpmailer (Composer) | Mar 5, 2020

Sanitizer bypass in svg-sanitizer
Moderate | CVE-2019-10772 was published for enshrined/svg-sanitize (Composer) | Feb 27, 2020

Cross-Site Scripting in SVG Sanitizer
Moderate | CVE-2020-11070 was published for t3g/svg-sanitizer (Composer) | May 13, 2020

XSS vulnerability when listing users on add & modify server pages.
Moderate | GHSA-5822-pw57-vv37 was published for pterodactyl/panel (Composer) | Oct 8, 2020

Reflected XSS with parameters in PostComment
Moderate | CVE-2020-26225 was published for prestashop/productcomments (Composer) | Nov 16, 2020

Cross-Site Scripting in Grav
Moderate | GHSA-cvmr-6428-87w9 was published for getgrav/grav (Composer) | Dec 10, 2020

XSS vulnerability in company name field in Mautic
Moderate | CVE-2018-11200 was published for mautic/core (Composer) | Jan 19, 2021

Authenticated Stored XSS in Administration
Moderate | GHSA-f6p7-8xfw-fjqq was published for shopware/shopware (Composer) | May 21, 2021

XSS in various backend modules due to (un)escaping in JS notification module
Moderate | GHSA-jfxf-4frr-9j3q was published for neos/neos (Composer) | May 25, 2022

XML-RPC for PHP's debugger vulnerable to possible XSS attack
Moderate | GHSA-pxqj-xrv5-qvjf was published for phpxmlrpc/phpxmlrpc (Composer) | Jan 11, 2023

OroCommerce vulnerable to XSS when adding class name to Selector Manager on pages that use GrapeJS editor
Moderate | GHSA-6f85-3f8q-qc94 was published for oro/commerce (Composer) | Jul 15, 2022

phpMyFAQ Stored Cross-site Scripting vulnerability
Moderate | CVE-2023-0310 was published for thorsten/phpmyfaq (Composer) | Jan 16, 2023

phpMyFAQ Stored Cross-site Scripting vulnerability
Moderate | CVE-2023-0309 was published for thorsten/phpmyfaq (Composer) | Jan 16, 2023

phpMyFAQ Stored Cross-site Scripting vulnerability
Moderate | CVE-2023-0308 was published for thorsten/phpmyfaq (Composer) | Jan 16, 2023

phpMyFAQ Stored Cross-site Scripting vulnerability
Moderate | CVE-2023-0306 was published for thorsten/phpmyfaq (Composer) | Jan 16, 2023

thorsten/phpmyfaq is vulnerable to cross-site scripting (XSS)
Moderate | CVE-2023-0312 was published for thorsten/phpmyfaq (Composer) | Jan 16, 2023

phpMyFAQ Reflected Cross-site Scripting vulnerability
Moderate | CVE-2023-0314 was published for thorsten/phpmyfaq (Composer) | Jan 16, 2023

phpMyFAQ Stored Cross-site Scripting vulnerability
Moderate | CVE-2023-0313 was published for thorsten/phpmyfaq (Composer) | Jan 16, 2023

pimcore is vulnerable to cross-site scripting via "title field " in data objects
Moderate | CVE-2023-0323 was published for pimcore/pimcore (Composer) | Jan 20, 2023

Cross-site Scripting in moodle
Moderate | CVE-2021-43558 was published for moodle/moodle (Composer) | Nov 23, 2021

Unrestricted file upload leads to stored cross-site scripting in Microweber
Moderate | CVE-2022-0906 was published for microweber/microweber (Composer) | Mar 11, 2022

Cross-site Scripting in ShowDoc
Moderate | CVE-2022-0880 was published for showdoc/showdoc (Composer) | Mar 13, 2022

ProTip! Advisories are also available from the GraphQL API