GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
29 advisories
Filter by severity
Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting
Critical
CVE-2024-47186
was published
for
filament/infolists
(Composer)
Sep 27, 2024
VuFind Server-Side Request Forgery (SSRF) vulnerability
Critical
CVE-2024-25737
was published
for
vufind/vufind
(Composer)
May 22, 2024
Mautic is vulnerable to XSS vulnerability
Critical
CVE-2020-35125
was published
for
mautic/core
(Composer)
May 15, 2024
PrestaShop cross-site scripting via customer contact form in FO, through file upload
Critical
CVE-2024-34716
was published
for
prestashop/prestashop
(Composer)
May 14, 2024
Blind XSS Leading to Froxlor Application Compromise
Critical
CVE-2024-34070
was published
for
froxlor/froxlor
(Composer)
May 10, 2024
phpMyFAQ Cross-site Scripting vulnerability
Critical
CVE-2023-5316
was published
for
thorsten/phpmyfaq
(Composer)
Sep 30, 2023
phpMyFAQ Cross-site Scripting vulnerability
Critical
CVE-2023-5320
was published
for
thorsten/phpmyfaq
(Composer)
Sep 30, 2023
Cross Site Scripting vulnerability in Dolibarr ERP CRM
Critical
CVE-2023-38888
was published
for
dolibarr/dolibarr
(Composer)
Sep 20, 2023
TeamPass vulnerable to stored Cross-site Scripting
Critical
CVE-2023-3086
was published
for
nilsteampassnet/teampass
(Composer)
Jun 3, 2023
Duplicate Advisory: AVideo contains Command injection when embedding a video link
Critical
GHSA-wj6r-53f5-q789
was published
for
wwbn/avideo
(Composer)
Apr 25, 2023
•
withdrawn
Cross-site Scripting in kimai/kimai
Critical
CVE-2020-19825
was published
for
kimai/kimai
(Composer)
Feb 16, 2023
tinymighty WikiSEO is vulnerable to cross-site scripting via modifyHTML function
Critical
CVE-2015-10073
was published
for
tinymighty/wiki-seo
(Composer)
Feb 6, 2023
AVideo contains Command injection when embedding a video link
Critical
CVE-2023-25313
was published
for
wwbn/avideo
(Composer)
Feb 2, 2023
PyroCMS vulnerable to stored Cross Site Scripting
Critical
CVE-2022-37721
was published
for
pyrocms/pyrocms
(Composer)
Nov 25, 2022
Cross site scripting vulnerability with discussion titles
Critical
CVE-2022-41938
was published
for
flarum/core
(Composer)
Nov 21, 2022
ezplatform-admin-ui vulnerable to Cross-Site Scripting (XSS)
Critical
GHSA-58h5-h554-429q
was published
for
ezsystems/ezplatform-admin-ui
(Composer)
Nov 10, 2022
Cross-site Scripting vulnerability in Mautic's tracking pixel functionality
Critical
CVE-2022-25772
was published
for
mautic/core
(Composer)
May 25, 2022
Mautic stored Cross-site Scripting (XSS)
Critical
CVE-2020-35129
was published
for
mautic/core
(Composer)
May 24, 2022
Mautic stored Cross-site Scripting (XSS)
Critical
CVE-2020-35128
was published
for
mautic/core
(Composer)
May 24, 2022
Magento DOM-based Cross-site scripting vulnerability
Critical
CVE-2020-9691
was published
for
magento/community-edition
(Composer)
May 24, 2022
Dolibarr Cross-site Scripting via the qty parameter in product/fournisseurs.php
Critical
CVE-2019-19212
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
Cross site scripting in FacturaScripts
Critical
CVE-2022-1514
was published
for
facturascripts/facturascripts
(Composer)
Apr 29, 2022
Cross site scripting in facturascripts
Critical
CVE-2022-1457
was published
for
neorazorx/facturascripts
(Composer)
Apr 26, 2022
Remote code injection in dompdf/dompdf
Critical
CVE-2022-28368
was published
for
dompdf/dompdf
(Composer)
Apr 4, 2022
Cross-site Scripting in showdoc/showdoc
Critical
CVE-2022-0960
was published
for
showdoc/showdoc
(Composer)
Mar 15, 2022
ProTip!
Advisories are also available from the
GraphQL API