GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,244 advisories
Filter by severity
Cross-site Scripting vulnerability in SimpleXLSXEx::readThemeColors, SimpleXLSXEx::getColorValue and SimpleXLSX::toHTMLEx
Moderate
CVE-2024-56364
was published
for
shuchkin/simplexlsx
(Composer)
Dec 23, 2024
Cross-site Scripting vulnerability in SimpleXLSXEx::readXfs and SimpeXLSX::toHTMLEx
Moderate
CVE-2024-55878
was published
for
shuchkin/simplexlsx
(Composer)
Dec 12, 2024
Drupal Core Cross-Site Scripting (XSS)
Moderate
CVE-2024-12393
was published
for
drupal/core
(Composer)
Dec 10, 2024
LibreNMS stored cross-site scripting (XSS) vulnerability in the Device Settings section
Moderate
CVE-2024-53457
was published
for
librenms/librenms
(Composer)
Dec 6, 2024
Ibexa Admin UI vulnerable to Cross-site Scripting in a field that is used in the Content name pattern
Moderate
CVE-2024-53864
was published
for
ibexa/admin-ui
(Composer)
Dec 2, 2024
Redaxo Core CMS Cross Site Scripting (XSS)
Moderate
CVE-2024-50803
was published
for
redaxo/source
(Composer)
Nov 19, 2024
LibreNMS has a stored XSS in ExamplePlugin with Device's Notes
Moderate
CVE-2024-49758
was published
for
librenms/librenms
(Composer)
Nov 15, 2024
Cross site scripting in sylius/sylius
Moderate
CVE-2021-3841
was published
for
sylius/sylius
(Composer)
Nov 15, 2024
UnoPim Stored XSS : Cookie hijacking through Create User function
Moderate
CVE-2024-52305
was published
for
unopim/unopim
(Composer)
Nov 13, 2024
UnoPim Cross-site Scripting vulnerability
Moderate
CVE-2024-50637
was published
for
unopim/unopim
(Composer)
Nov 6, 2024
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Edit Email Form Settings Feature
Moderate
CVE-2024-46998
was published
for
baserproject/basercms
(Composer)
Oct 24, 2024
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature
Moderate
CVE-2024-46996
was published
for
baserproject/basercms
(Composer)
Oct 24, 2024
baserCMS has a Cross-site Scripting (XSS) Vulnerability in HTTP 400 Bad Request
Moderate
CVE-2024-46995
was published
for
baserproject/basercms
(Composer)
Oct 24, 2024
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts and Contents list Feature
Moderate
CVE-2024-46994
was published
for
baserproject/basercms
(Composer)
Oct 24, 2024
Magento Open Source stored Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-45127
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-45116
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Magento Open Source reflected Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-45123
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Krayin CRM vulnerable to Cross Site Scripting (XSS) via the organization name
Moderate
CVE-2024-45932
was published
for
krayin/laravel-crm
(Composer)
Oct 7, 2024
LimeSurvey Cross Site Scripting vulnerability
Moderate
CVE-2024-28709
was published
for
limesurvey/limesurvey
(Composer)
Oct 7, 2024
LimeSurvey Cross Site Scripting vulnerability
Moderate
CVE-2024-28710
was published
for
limesurvey/limesurvey
(Composer)
Oct 7, 2024
PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via JavaScript hyperlinks
Moderate
CVE-2024-45292
was published
for
phpoffice/phpspreadsheet
(Composer)
Oct 7, 2024
Lara-zeus Dynamic Dashboard and Artemis do not validate paragraph widget values which can be used for XSS
Moderate
CVE-2024-47817
was published
for
lara-zeus/artemis
(Composer)
Oct 7, 2024
PhpSpreadsheet has an Unauthenticated Cross-Site-Scripting (XSS) in sample file
Moderate
CVE-2024-45060
was published
for
phpoffice/phpspreadsheet
(Composer)
Oct 7, 2024
Mediawiki Cargo extension vulnerable to Cross-site Scripting
Moderate
CVE-2024-47847
was published
for
mediawiki/cargo
(Composer)
Oct 5, 2024
Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS
Moderate
CVE-2024-47765
was published
for
dev-lancer/minecraft-motd-parser
(Composer)
Oct 4, 2024
ProTip!
Advisories are also available from the
GraphQL API