GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
17 advisories
Filter by severity
LibreNMS vulnerable to Cross-Site Scripting (XSS)
Moderate
CVE-2022-36745
was published
for
librenms/librenms
(Composer)
Aug 31, 2022
Concrete CMS vulnerable to Cross-site Scripting
Moderate
CVE-2022-43688
was published
for
concrete5/concrete5
(Composer)
Nov 15, 2022
XSS in richtext custom tag attributes in ezsystems/ezplatform-richtext
Moderate
GHSA-fxwm-rx68-p5vx
was published
for
ezsystems/ezplatform-richtext
(Composer)
Dec 1, 2021
php-mod/curl allows Cross-site Scripting
Moderate
CVE-2021-30134
was published
for
php-mod/curl
(Composer)
Dec 26, 2022
Cross-Site Request Forgery in Drupal core
Moderate
CVE-2020-13674
was published
for
drupal/core
(Composer)
Feb 12, 2022
Cross site scripting in safe-svg
Moderate
CVE-2022-1091
was published
for
darylldoyle/safe-svg
(Composer)
Apr 19, 2022
Concrete CMS vulnerable to Reflected Cross-site Scripting
Moderate
CVE-2022-43692
was published
for
concrete5/concrete5
(Composer)
Nov 15, 2022
Browsershot version 3.57.3 vulnerable to improper input validation
Moderate
CVE-2022-43984
was published
for
spatie/browsershot
(Composer)
Nov 25, 2022
Concrete CMS vulnerable to Improper Authentication
Moderate
CVE-2022-43690
was published
for
concrete5/concrete5
(Composer)
Nov 15, 2022
Incorrect Authorization in Drupal core
Moderate
CVE-2020-13676
was published
for
drupal/core
(Composer)
Feb 12, 2022
Information Disclosure in User Authentication
Moderate
CVE-2021-32767
was published
for
typo3/cms
(Composer)
Jul 26, 2021
Cross-site Scripting in Drupal Core
Moderate
CVE-2020-13668
was published
for
drupal/core
(Composer)
Feb 12, 2022
XSS vulnerability on password reset page
Moderate
CVE-2021-27909
was published
for
mautic/core
(Composer)
Sep 1, 2021
XSS vulnerability that affects bootstrap
Moderate
CVE-2018-20676
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14042
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-20677
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
Bootstrap vulnerable to Cross-Site Scripting (XSS)
Moderate
CVE-2018-14040
was published
for
bootstrap
(RubyGems)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API