GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,035
Maven
5,000+
npm
3,732
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
98 advisories
Filter by severity
XSS in enshrined/svg-sanitize due to mishandled script and data values in attributes
High
CVE-2019-18857
was published
for
enshrined/svg-sanitize
(Composer)
Jan 8, 2020
The filename of uploaded files vulnerable to stored XSS
High
CVE-2020-4041
was published
for
bolt/bolt
(Composer)
Jun 9, 2020
DataTable Vulnerable to Cross-Site Scripting
High
CVE-2015-6584
was published
for
datatables
(Composer)
Aug 31, 2020
Potential XSS injection In PrestaShop contactform
High
CVE-2020-15178
was published
for
prestashop/contactform
(Composer)
Sep 15, 2020
Inline attribute values were not processed.
High
CVE-2020-15263
was published
for
orchid/platform
(Composer)
Oct 19, 2020
Cross-Site Scripting through Fluid view helper arguments
High
CVE-2020-26216
was published
for
typo3fluid/fluid
(Composer)
Nov 18, 2020
Cross-site scripting in eZ Platform Kernel
High
GHSA-mrvj-7q4f-5p42
was published
for
ezsystems/ezplatform-kernel
(Composer)
Mar 19, 2021
Cross-site scripting (XSS) from unsanitized uploaded SVG files in Kirby
High
CVE-2021-29460
was published
for
getkirby/cms
(Composer)
Apr 30, 2021
Cross-Site Scripting via SVG media files
High
CVE-2021-37710
was published
for
shopware/core
(Composer)
Aug 23, 2021
Cross-site scripting vulnerability in file upload
High
CVE-2021-39136
was published
for
baserproject/basercms
(Composer)
Aug 30, 2021
Improper Encoding or Escaping of Output in Asset Metadata Component
High
CVE-2021-39170
was published
for
pimcore/pimcore
(Composer)
Sep 1, 2021
Improper Neutralization of Text-Values in Object Version Preview
High
CVE-2021-39166
was published
for
pimcore/pimcore
(Composer)
Sep 1, 2021
XSS vulnerability on asset view
High
CVE-2021-27912
was published
for
mautic/core
(Composer)
Sep 1, 2021
XSS vulnerability on contacts view
High
CVE-2021-27911
was published
for
mautic/core
(Composer)
Sep 1, 2021
Stored XSS vulnerability on Bounce Management Callback
High
CVE-2021-27910
was published
for
mautic/core
(Composer)
Sep 1, 2021
HTML comments vulnerability allowing to execute JavaScript code
High
CVE-2021-41165
was published
for
ckeditor/ckeditor
(Composer)
Nov 17, 2021
Cross-site Scripting in snipe/snipe-it
High
CVE-2021-3961
was published
for
snipe/snipe-it
(Composer)
Nov 23, 2021
kimai2 is vulnerable to Cross-site Scripting
High
CVE-2021-3985
was published
for
kevinpapst/kimai2
(Composer)
Dec 3, 2021
Sandbox bypass in Latte templates
High
CVE-2022-21648
was published
for
latte/latte
(Composer)
Jan 6, 2022
Code Injection in microweber
High
CVE-2022-0282
was published
for
microweber/microweber
(Composer)
Jan 21, 2022
Cross-site Scripting in HTML2PDF
High
CVE-2021-45394
was published
for
spipu/html2pdf
(Composer)
Jan 21, 2022
Cross-site Scripting in microweber
High
CVE-2022-0690
was published
for
microweber/microweber
(Composer)
Feb 20, 2022
Cross-site Scripting in Microweber
High
CVE-2022-0719
was published
for
microweber/microweber
(Composer)
Feb 24, 2022
Cross-site Scripting in microweber
High
CVE-2022-0930
was published
for
microweber/microweber
(Composer)
Mar 13, 2022
ProTip!
Advisories are also available from the
GraphQL API