GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
123 advisories
Magento Open Source allows Cross-Site Scripting (XSS)
High | CVE-2024-20719 was published for magento/community-edition (Composer) | Feb 15, 2024

October CMS Cross-site Scripting vulnerability
High | CVE-2023-25365 was published for october/october (Composer) | Feb 9, 2024

Statamic CMS vulnerable to account takeover via XSS and password reset link
High | CVE-2024-24570 was published for statamic/cms (Composer) | Feb 1, 2024

PrestaShop some attribute not escaped in Validate::isCleanHTML method
High | CVE-2024-21627 was published for prestashop/prestashop (Composer) | Jan 3, 2024

Magento LTS vulnerable to Stored XSS via TinyMCE WYSIWYG Editor
High | GHSA-9j5w-2cqc-cwj9 was published for openmage/magento-lts (Composer) | Dec 8, 2023

Cross-site Scripting via uploaded assets
High | CVE-2023-48701 was published for statamic/cms (Composer) | Nov 22, 2023

phpMyFAQ Cross-site Scripting vulnerability
High | CVE-2023-5864 was published for thorsten/phpmyfaq (Composer) | Oct 31, 2023

phpMyFAQ Cross-site Scripting vulnerability
High | CVE-2023-5319 was published for thorsten/phpmyfaq (Composer) | Sep 30, 2023

Cross site scripting in librenms
High | CVE-2023-5060 was published for librenms/librenms (Composer) | Sep 19, 2023

Cockpit Cross-site Scripting vulnerability
High | CVE-2023-4432 was published for cockpit-hq/cockpit (Composer) | Aug 19, 2023

Cockpit Cross-site Scripting vulnerability
High | CVE-2023-4433 was published for cockpit-hq/cockpit (Composer) | Aug 19, 2023

Cockpit Cross-site Scripting vulnerability
High | CVE-2023-4395 was published for cockpit-hq/cockpit (Composer) | Aug 17, 2023

LibreNMS Cross-site Scripting vulnerability
High | CVE-2023-4347 was published for librenms/librenms (Composer) | Aug 15, 2023

Cockpit Cross-site Scripting vulnerability
High | CVE-2023-4321 was published for cockpit-hq/cockpit (Composer) | Aug 14, 2023

Cockpit Cross-site Scripting vulnerability
High | CVE-2023-4196 was published for cockpit-hq/cockpit (Composer) | Aug 6, 2023

phpMyFAQ Stored Cross-site Scripting vulnerability
High | CVE-2023-4007 was published for thorsten/phpmyfaq (Composer) | Jul 31, 2023

TeamPass Cross-site Scripting vulnerability
High | CVE-2023-3531 was published for nilsteampassnet/teampass (Composer) | Jul 6, 2023

TeamPass vulnerable to stored Cross-site Scripting
High | CVE-2023-3084 was published for nilsteampassnet/teampass (Composer) | Jun 3, 2023

TeamPass vulnerable to stored Cross-site Scripting
High | CVE-2023-3083 was published for nilsteampassnet/teampass (Composer) | Jun 3, 2023

teampass vulnerable to code injection
High | CVE-2023-2591 was published for nilsteampassnet/teampass (Composer) | May 9, 2023

Cross Site Scripting in thorsten/phpmyfaq
High | CVE-2023-2550 was published for thorsten/phpmyfaq (Composer) | May 5, 2023

WWBN/AVideo stored XSS vulnerability leads to takeover of any user's account, including admin's account
High | CVE-2023-30860 was published for wwbn/avideo (Composer) | May 1, 2023

Cross site scripting (XSS) in wwbn/avideo
High | GHSA-2fch-hv74-fgw9 was published for wwbn/avideo (Composer) | Apr 26, 2023

Possible XSS injection through Validate::isCleanHTML method
High | CVE-2023-30838 was published for prestashop/prestashop (Composer) | Apr 25, 2023

thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via adminlog
High | CVE-2023-1878 was published for thorsten/phpmyfaq (Composer) | Apr 5, 2023

ProTip! Advisories are also available from the GraphQL API.