Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

84 advisories

Loading
LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name High
CVE-2024-47524 was published for librenms/librenms (Composer) Oct 1, 2024
minhnq1618
Mautic vulnerable to stored cross-site scripting in description field High
CVE-2021-27915 was published for mautic/core (Composer) Apr 11, 2024
auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped High
CVE-2024-45592 was published for damienharper/auditor-bundle (Composer) Sep 10, 2024
fkropfhamer
Persistent Cross-site Scripting in Ibexa RichText Field Type High
CVE-2024-43369 was published for ibexa/fieldtype-richtext (Composer) Aug 14, 2024
4rdr
Persistent Cross-site Scripting in eZ Platform Rich Text Field Type High
CVE-2024-43372 was published for ezsystems/ezplatform-richtext (Composer) Aug 14, 2024
4rdr
BookStack Incorrect Access Control vulnerability High
CVE-2024-36676 was published for ssddanbrown/bookstack (Composer) Jul 10, 2024
TYPO3 Arbitrary Code Execution and Cross-Site Scripting in Backend API High
GHSA-x428-565f-8xj2 was published for typo3/cms-core (Composer) May 30, 2024
Passbolt API Stored XSS on first/last name during setup High
GHSA-2f46-4xjm-73x5 was published for passbolt/passbolt_api (Composer) May 20, 2024
Cross-site Scripting vulnerabilities in Neos High
GHSA-6cj3-rc4p-f38f was published for neos/neos (Composer) May 17, 2024
eZ Platform Admin UI Cross-site Scripting vulnerability High
GHSA-q73v-79x3-jv2w was published for ezsystems/ezplatform-admin-ui (Composer) May 15, 2024
Cross-site Scripting in eZFind spellcheck High
GHSA-9cq2-pcgr-8h62 was published for ezsystems/ezfind-ls (Composer) May 15, 2024
Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS High
GHSA-jq9q-6p42-qpr7 was published for ezsystems/ezdemo-ls-extension (Composer) May 15, 2024
Yii Framework reflected Cross-site Scripting High
CVE-2018-6010 was published for yiisoft/yii2 (Composer) May 13, 2022
Moodle Stored Cross-site Scripting and page denial of service High
CVE-2022-40313 was published for moodle/moodle (Composer) Oct 1, 2022
LibreNMS uses Improper Sanitization on Service template name leads to Stored XSS High
CVE-2024-32479 was published for librenms/librenms (Composer) Apr 22, 2024
rook1337
Cross site scripting via canonical tag in Contao High
CVE-2022-24899 was published for contao/contao (Composer) May 20, 2022
Dolibarr Application Home Page has HTML injection vulnerability High
CVE-2024-23817 was published for dolibarr/dolibarr (Composer) Apr 18, 2024
saimanikanta1992
October CMS Cross-site Scripting vulnerability High
CVE-2023-25365 was published for october/october (Composer) Feb 9, 2024
Statmic CMS vulnerable to account takeover via XSS and password reset link High
CVE-2024-24570 was published for statamic/cms (Composer) Feb 1, 2024
sec-consult
Cross-Site Scripting through Fluid view helper arguments High
CVE-2020-26216 was published for typo3fluid/fluid (Composer) Nov 18, 2020
NamelessCoder jonaseberle
Stored XSS vulnerability on Bounce Management Callback High
CVE-2021-27910 was published for mautic/core (Composer) Sep 1, 2021
tdunlap607
XSS vulnerability on contacts view High
CVE-2021-27911 was published for mautic/core (Composer) Sep 1, 2021
MatisAct rohitp19
XSS vulnerability on asset view High
CVE-2021-27912 was published for mautic/core (Composer) Sep 1, 2021
MatisAct rohitp19
XSS in Mautic High
CVE-2021-3142 was published for mautic/core (Composer) Jan 29, 2021
dennisameling
smarty Cross-site Scripting vulnerability in Javascript escaping High
CVE-2023-28447 was published for smarty/smarty (Composer) Mar 29, 2023
takaram
ProTip! Advisories are also available from the GraphQL API