GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,407 advisories
Filter by severity
Injection of arbitrary HTML/JavaScript code through the media download URL
Moderate
CVE-2024-47617
was published
for
sulu/sulu
(Composer)
Oct 3, 2024
Cross-site Scripting via uploaded SVG
Moderate
CVE-2024-47618
was published
for
sulu/sulu
(Composer)
Oct 3, 2024
Contao allows admin an account to upload SVG file containing malicious JavaScript
Low
CVE-2024-45965
was published
for
contao/contao
(Composer)
Oct 2, 2024
October allows an admin account to upload PDF containing malicious JavaScript
Low
CVE-2024-45962
was published
for
october/october
(Composer)
Oct 2, 2024
Zenario allows authenticated admin users to upload PDF files containing malicious code
Low
CVE-2024-45960
was published
for
tribalsystems/zenario
(Composer)
Oct 2, 2024
Zenario Cross Site Scripting in the Image library
Low
CVE-2024-45964
was published
for
tribalsystems/zenario
(Composer)
Oct 2, 2024
LibreNMS vulnerable to Stored Cross-site Scripting via File Upload
Low
CVE-2024-47528
was published
for
librenms/librenms
(Composer)
Oct 1, 2024
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Transports" feature
Moderate
CVE-2024-47523
was published
for
librenms/librenms
(Composer)
Oct 1, 2024
LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name
High
CVE-2024-47524
was published
for
librenms/librenms
(Composer)
Oct 1, 2024
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Rules" feature
Moderate
CVE-2024-47525
was published
for
librenms/librenms
(Composer)
Oct 1, 2024
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Templates" feature
Low
CVE-2024-47526
was published
for
librenms/librenms
(Composer)
Oct 1, 2024
LibreNMS has Stored Cross-site Scripting vulnerability in "Device Dependencies" feature
Moderate
CVE-2024-47527
was published
for
librenms/librenms
(Composer)
Oct 1, 2024
Pagekit Cross-site Scripting vulnerability
Moderate
CVE-2024-45967
was published
for
pagekit/pagekit
(Composer)
Oct 1, 2024
starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field
Moderate
CVE-2024-47536
was published
for
starcitizentools/citizen-skin
(Composer)
Sep 30, 2024
Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting
Critical
CVE-2024-47186
was published
for
filament/infolists
(Composer)
Sep 27, 2024
Cross site scripting in Concrete CMS
Low
CVE-2024-7398
was published
for
concrete5/concrete5
(Composer)
Sep 25, 2024
Cross site scripting in Concrete CMS
Low
CVE-2024-8291
was published
for
concrete5/concrete5
(Composer)
Sep 25, 2024
Mautic has an XSS in contact tracking and page hits report
Moderate
CVE-2021-27917
was published
for
mautic/core
(Composer)
Sep 18, 2024
Mautic vulnerable to XSS in contact/company tracking (no authentication)
Moderate
CVE-2024-47050
was published
for
mautic/core
(Composer)
Sep 18, 2024
Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field)
Moderate
CVE-2024-47058
was published
for
mautic/core
(Composer)
Sep 18, 2024
Concrete CMS stored XSS vulnerability in the "Top Navigator Bar" block
Moderate
CVE-2024-8660
was published
for
concrete5/concrete5
(Composer)
Sep 17, 2024
Wire UI has a JS XSS Vulnerability on route /wireui/button?label=Content
Moderate
CVE-2024-45803
was published
for
wireui/wireui
(Composer)
Sep 17, 2024
Contao affected by insert tag injection via canonical URL
Moderate
CVE-2024-45612
was published
for
contao/core-bundle
(Composer)
Sep 17, 2024
Concrete CMS Stored XSS in the "Next&Previous Nav" block
Moderate
CVE-2024-8661
was published
for
concrete5/concrete5
(Composer)
Sep 16, 2024
auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped
High
CVE-2024-45592
was published
for
damienharper/auditor-bundle
(Composer)
Sep 10, 2024
ProTip!
Advisories are also available from the
GraphQL API