Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,651
Erlang
34
GitHub Actions
26
Go
2,252
Maven
5,000+
npm
3,904
NuGet
702
pip
3,676
Pub
12
RubyGems
915
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

213 advisories

Loading
OpenCMS Cross-Site Scripting vulnerability Low
CVE-2024-42699 was published for org.opencms:opencms-core (Maven) Apr 21, 2025
Pimcore's Admin Classic Bundle allows HTML Injection Low
CVE-2025-30166 was published for pimcore/admin-ui-classic-bundle (Composer) Apr 8, 2025
React Draft Wysiwyg Cross-Site Scripting (XSS) via the Embedded Button Low
CVE-2025-3191 was published for react-draft-wysiwyg (npm) Apr 4, 2025
Drupal Link field display mode formatter Cross-Site Scripting (XSS) vulnerability Low
CVE-2025-31695 was published for drupal/link_field_display_mode_formatter (Composer) Apr 1, 2025
Drupal RapiDoc OAS Field Formatter Cross-Site Scripting (XSS) vulnerability Low
CVE-2025-31696 was published for drupal/rapidoc_elements_field_formatter (Composer) Apr 1, 2025
Drupal Formatter Suite Vulnerable to Cross-Site Scripting (XSS) via Link Element Attributes Low
CVE-2025-31697 was published for drupal/formatter_suite (Composer) Apr 1, 2025
Drupal SpamSpan Cross-Site Scripting (XSS) vulnerability Low
CVE-2025-31687 was published for drupal/spamspan (Composer) Apr 1, 2025
Drupal Core Cross-Site Scripting (XSS) Vulnerability Low
CVE-2025-31675 was published for drupal/core (Composer) Apr 1, 2025
Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction Low
CVE-2024-39311 was published for publify_core (RubyGems) Mar 28, 2025
PinkDraconian
Django TomSelect incomplete escaping of dangerous characters in widget attributes Low
GHSA-785h-76cm-cpmf was published for django-tomselect (pip) Mar 26, 2025
pysean3
Reflected XSS in go-httpbin due to unrestricted client control over Content-Type Low
GHSA-528q-4pgm-wvg2 was published for github.com/mccutchen/go-httpbin (Go) Mar 21, 2025
AyushXtha
MODX allows cross-site scripting (XSS) via an SVG file Low
CVE-2025-28010 was published for modx/revolution (Composer) Mar 13, 2025
Magento LTS vulnerable to stored XSS in theme config fields Low
CVE-2025-27400 was published for openmage/magento-lts (Composer) Mar 3, 2025
justlife4x4
tsup DOM Clobbering vulnerability Low
CVE-2024-53384 was published for tsup (npm) Mar 3, 2025
seajs Cross-site Scripting vulnerability Low
CVE-2024-51091 was published for seajs (npm) Mar 3, 2025
copyparty renders unsanitized filenames as HTML when user uploads empty files Low
CVE-2025-27145 was published for copyparty (pip) Feb 26, 2025
JayPatel48
Moodle has a stored XSS in ddimageortext question type Low
CVE-2025-26528 was published for moodle/moodle (Composer) Feb 24, 2025
tarteaucitron Cross-site Scripting (XSS) Low
CVE-2025-1467 was published for tarteaucitronjs (npm) Feb 23, 2025
Leantime allows Cross-Site Scripting (XSS) Low
GHSA-f679-254h-qhvj was published for leantime/leantime (Composer) Feb 21, 2025
justWalsdi
Keycloak allows cross-site scripting (XSS) Low
CVE-2024-4028 was published for org.keycloak:keycloak-core (Maven) Feb 18, 2025
DevDojo Voyager vulnerable to reflected Cross-site Scripting Low
CVE-2024-55416 was published for tcg/voyager (Composer) Jan 30, 2025
Dolibarr Cross-site Scripting vulnerability Low
CVE-2024-55228 was published for dolibarr/dolibarr (Composer) Jan 27, 2025
Dolibarr Cross-site Scripting vulnerability Low
CVE-2024-55227 was published for dolibarr/dolibarr (Composer) Jan 27, 2025
Reflected Cross Site Scripting (XSS) in error message Low
GHSA-74j9-xhqr-6qv3 was published for silverstripe/framework (Composer) Jan 23, 2025
Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message Low
GHSA-mqf3-qpc3-g26q was published for silverstripe/framework (Composer) Jan 14, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database