GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,035
Maven
5,000+
npm
3,732
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,242 advisories
Filter by severity
Persistent XSS vulnerability in filename of attached file in PrivateBin
Moderate
CVE-2020-5223
was published
for
privatebin/privatebin
(Composer)
Jan 14, 2020
Cross-Site Scripting in BookStack
Moderate
CVE-2020-11055
was published
for
ssddanbrown/bookstack
(Composer)
May 7, 2020
Cross-site scripting in PHPMailer
Moderate
CVE-2017-11503
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
Sanitizer bypass in svg-sanitizer
Moderate
CVE-2019-10772
was published
for
enshrined/svg-sanitize
(Composer)
Feb 27, 2020
Cross-Site Scripting in SVG Sanitizer
Moderate
CVE-2020-11070
was published
for
t3g/svg-sanitizer
(Composer)
May 13, 2020
XSS vulnerability when listing users on add & modify server pages.
Moderate
GHSA-5822-pw57-vv37
was published
for
pterodactyl/panel
(Composer)
Oct 8, 2020
Reflected XSS with parameters in PostComment
Moderate
CVE-2020-26225
was published
for
prestashop/productcomments
(Composer)
Nov 16, 2020
Cross-Site Scripting in Grav
Moderate
GHSA-cvmr-6428-87w9
was published
for
getgrav/grav
(Composer)
Dec 10, 2020
XSS vulnerability in company name field in Mautic
Moderate
CVE-2018-11200
was published
for
mautic/core
(Composer)
Jan 19, 2021
Authenticated Stored XSS in Administration
Moderate
GHSA-f6p7-8xfw-fjqq
was published
for
shopware/shopware
(Composer)
May 21, 2021
XSS in various backend modules due to (un)escaping in JS notification module
Moderate
GHSA-jfxf-4frr-9j3q
was published
for
neos/neos
(Composer)
May 25, 2022
XML-RPC for PHP's debugger vulnerable to possible XSS attack
Moderate
GHSA-pxqj-xrv5-qvjf
was published
for
phpxmlrpc/phpxmlrpc
(Composer)
Jan 11, 2023
OroCommerce vulnerable to XSS when adding class name to Selector Manager on pages that use GrapeJS editor
Moderate
GHSA-6f85-3f8q-qc94
was published
for
oro/commerce
(Composer)
Jul 15, 2022
phpMyFAQ Stored Cross-site Scripting vulnerability
Moderate
CVE-2023-0310
was published
for
thorsten/phpmyfaq
(Composer)
Jan 16, 2023
phpMyFAQ Stored Cross-site Scripting vulnerability
Moderate
CVE-2023-0309
was published
for
thorsten/phpmyfaq
(Composer)
Jan 16, 2023
phpMyFAQ Stored Cross-site Scripting vulnerability
Moderate
CVE-2023-0308
was published
for
thorsten/phpmyfaq
(Composer)
Jan 16, 2023
phpMyFAQ Stored Cross-site Scripting vulnerability
Moderate
CVE-2023-0306
was published
for
thorsten/phpmyfaq
(Composer)
Jan 16, 2023
thorsten/phpmyfaq is vulnerable to cross-site scripting (XSS)
Moderate
CVE-2023-0312
was published
for
thorsten/phpmyfaq
(Composer)
Jan 16, 2023
phpMyFAQ Reflected Cross-site Scripting vulnerability
Moderate
CVE-2023-0314
was published
for
thorsten/phpmyfaq
(Composer)
Jan 16, 2023
phpMyFAQ Stored Cross-site Scripting vulnerability
Moderate
CVE-2023-0313
was published
for
thorsten/phpmyfaq
(Composer)
Jan 16, 2023
pimcore is vulnerable to cross-site scripting via "title field " in data objects
Moderate
CVE-2023-0323
was published
for
pimcore/pimcore
(Composer)
Jan 20, 2023
Cross-site Scripting in moodle
Moderate
CVE-2021-43558
was published
for
moodle/moodle
(Composer)
Nov 23, 2021
Unrestricted file upload leads to stored cross-site scripting in Microweber
Moderate
CVE-2022-0906
was published
for
microweber/microweber
(Composer)
Mar 11, 2022
Cross-site Scripting in ShowDoc
Moderate
CVE-2022-0880
was published
for
showdoc/showdoc
(Composer)
Mar 13, 2022
ProTip!
Advisories are also available from the
GraphQL API