Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,221 advisories

Loading
Cross-site Scripting via uploaded SVG Moderate
CVE-2024-47618 was published for sulu/sulu (Composer) Oct 3, 2024
alexander-schranz
Injection of arbitrary HTML/JavaScript code through the media download URL Moderate
CVE-2024-47617 was published for sulu/sulu (Composer) Oct 3, 2024
LimeSurvey Cross Site Scripting vulnerability Moderate
CVE-2024-28710 was published for limesurvey/limesurvey (Composer) Oct 7, 2024
Magento Open Source Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-45116 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source stored Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-45127 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source reflected Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-45123 was published for magento/community-edition (Composer) Oct 10, 2024
Lara-zeus Dynamic Dashboard and Artemis do not validate paragraph widget values which can be used for XSS Moderate
CVE-2024-47817 was published for lara-zeus/artemis (Composer) Oct 7, 2024
sharmaraghs
PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via JavaScript hyperlinks Moderate
CVE-2024-45292 was published for phpoffice/phpspreadsheet (Composer) Oct 7, 2024
emilvirkki
PhpSpreadsheet has an Unauthenticated Cross-Site-Scripting (XSS) in sample file Moderate
CVE-2024-45060 was published for phpoffice/phpspreadsheet (Composer) Oct 7, 2024
stealthcopter
Krayin CRM vulnerable to Cross Site Scripting (XSS) via the organization name Moderate
CVE-2024-45932 was published for krayin/laravel-crm (Composer) Oct 7, 2024
LimeSurvey Cross Site Scripting vulnerability Moderate
CVE-2024-28709 was published for limesurvey/limesurvey (Composer) Oct 7, 2024
Mediawiki Cargo extension vulnerable to Cross-site Scripting Moderate
CVE-2024-47847 was published for mediawiki/cargo (Composer) Oct 5, 2024
Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS Moderate
CVE-2024-47765 was published for dev-lancer/minecraft-motd-parser (Composer) Oct 4, 2024
Krymonota jgniecki
LibreNMS has Stored Cross-site Scripting vulnerability in "Device Dependencies" feature Moderate
CVE-2024-47527 was published for librenms/librenms (Composer) Oct 1, 2024
RaphaelCSS RaphaelCSSilva
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Transports" feature Moderate
CVE-2024-47523 was published for librenms/librenms (Composer) Oct 1, 2024
RaphaelCSS RaphaelCSSilva
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Rules" feature Moderate
CVE-2024-47525 was published for librenms/librenms (Composer) Oct 1, 2024
RaphaelCSS RaphaelCSSilva
Pagekit Cross-site Scripting vulnerability Moderate
CVE-2024-45967 was published for pagekit/pagekit (Composer) Oct 1, 2024
starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field Moderate
CVE-2024-47536 was published for starcitizentools/citizen-skin (Composer) Sep 30, 2024
BlankEclair
Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field) Moderate
CVE-2024-47058 was published for mautic/core (Composer) Sep 18, 2024
lenonleite escopecz
Mautic vulnerable to XSS in contact/company tracking (no authentication) Moderate
CVE-2024-47050 was published for mautic/core (Composer) Sep 18, 2024
mqrtin patrykgruszka
lenonleite escopecz
Mautic has an XSS in contact tracking and page hits report Moderate
CVE-2021-27917 was published for mautic/core (Composer) Sep 18, 2024
patrykgruszka lenonleite
escopecz
Contao affected by insert tag injection via canonical URL Moderate
CVE-2024-45612 was published for contao/core-bundle (Composer) Sep 17, 2024
aschempp
Reflected Cross Site-Scripting (XSS) in Oveleon Cookiebar Moderate
CVE-2024-47069 was published for oveleon/contao-cookiebar (Composer) Jul 26, 2024
usdResponsibleDisclosure
Mautic vulnerable to cross-site scripting in notifications via saving Dashboards Moderate
CVE-2022-25774 was published for mautic/core (Composer) Apr 12, 2024
Vautia
Wire UI has a JS XSS Vulnerability on route /wireui/button?label=Content Moderate
CVE-2024-45803 was published for wireui/wireui (Composer) Sep 17, 2024
sharathdn1 PH7-Jack
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database