GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
14 advisories
Filter by severity
Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS
Moderate
CVE-2024-47765
was published
for
dev-lancer/minecraft-motd-parser
(Composer)
Oct 4, 2024
starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field
Moderate
CVE-2024-47536
was published
for
starcitizentools/citizen-skin
(Composer)
Sep 30, 2024
Mautic vulnerable to cross-site scripting in notifications via saving Dashboards
Moderate
CVE-2022-25774
was published
for
mautic/core
(Composer)
Apr 12, 2024
Craft CMS vulnerable to stored XSS in breadcrumb list and title fields
Moderate
CVE-2024-45406
was published
for
craftcms/cms
(Composer)
Sep 9, 2024
TCPDF Cross-site Scripting vulnerability
Moderate
CVE-2024-32489
was published
for
tecnickcom/tcpdf
(Composer)
Apr 15, 2024
WooCommerce has a Cross-Site Scripting (XSS) Vulnerability in checkout & registration forms
Moderate
CVE-2024-37297
was published
for
woocommerce/woocommerce
(Composer)
Jun 12, 2024
TokenController formName not sanitized in hidden input
Moderate
CVE-2024-37156
was published
for
sulu/form-bundle
(Composer)
Jun 6, 2024
phpxmlrpc/extra XSS in class documenting_xmlrpc_server
Moderate
GHSA-ww6p-q26w-fr6m
was published
for
phpxmlrpc/extras
(Composer)
May 20, 2024
phpMyFAQ Stored HTML Injection at contentLink
Moderate
CVE-2024-28108
was published
for
phpmyfaq/phpmyfaq
(Composer)
Mar 25, 2024
phpMyFAQ vulnerable to stored XSS on attachments filename
Moderate
CVE-2024-24574
was published
for
phpmyfaq/phpmyfaq
(Composer)
Feb 5, 2024
Craft CMS stored XSS in review volume
Moderate
CVE-2023-33196
was published
for
craftcms/cms
(Composer)
May 26, 2023
Craft CMS stored XSS in indexedVolumes
Moderate
CVE-2023-33197
was published
for
craftcms/cms
(Composer)
May 26, 2023
Cross-site scripting (XSS) from image block content in the site frontend
Moderate
CVE-2021-41258
was published
for
getkirby/cms
(Composer)
Nov 16, 2021
Improper sanitize of SVG files during content upload ('Cross-site Scripting') in sylius/sylius
Moderate
CVE-2022-24749
was published
for
Sylius/Sylius
(Composer)
Mar 14, 2022
ProTip!
Advisories are also available from the
GraphQL API