Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,748
Erlang
35
GitHub Actions
29
Go
2,321
Maven
5,000+
npm
3,955
NuGet
712
pip
3,736
Pub
12
RubyGems
921
Rust
972
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,353 advisories

Loading
Cross site scripting in Concrete CMS Moderate
CVE-2024-8291 was published for concrete5/concrete5 (Composer) Sep 25, 2024
Mautic has an XSS in contact tracking and page hits report Moderate
CVE-2021-27917 was published for mautic/core (Composer) Sep 18, 2024
patrykgruszka lenonleite
escopecz
Mautic vulnerable to XSS in contact/company tracking (no authentication) Moderate
CVE-2024-47050 was published for mautic/core (Composer) Sep 18, 2024
mqrtin patrykgruszka
lenonleite escopecz
Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field) Moderate
CVE-2024-47058 was published for mautic/core (Composer) Sep 18, 2024
lenonleite escopecz
Concrete CMS stored XSS vulnerability in the "Top Navigator Bar" block Moderate
CVE-2024-8660 was published for concrete5/concrete5 (Composer) Sep 17, 2024
Wire UI has a JS XSS Vulnerability on route /wireui/button?label=Content Moderate
CVE-2024-45803 was published for wireui/wireui (Composer) Sep 17, 2024
sharathdn1 ph7jack
Contao affected by insert tag injection via canonical URL Moderate
CVE-2024-45612 was published for contao/core-bundle (Composer) Sep 17, 2024
aschempp
Concrete CMS Stored XSS in the "Next&Previous Nav" block Moderate
CVE-2024-8661 was published for concrete5/concrete5 (Composer) Sep 16, 2024
auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped Moderate
CVE-2024-45592 was published for damienharper/auditor-bundle (Composer) Sep 10, 2024
fkropfhamer
Craft CMS vulnerable to stored XSS in breadcrumb list and title fields Moderate
CVE-2024-45406 was published for craftcms/cms (Composer) Sep 9, 2024
amame04
PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via style information Moderate
CVE-2024-45046 was published for phpoffice/phpexcel (Composer) Aug 29, 2024
emilvirkki marcinwealthon
neodc
Automad Cross-site Scripting vulnerability Moderate
CVE-2024-40111 was published for automad/automad (Composer) Aug 23, 2024 withdrawn
marcantondahmen
Code Snippet GeSHi plugin in CKEditor 4 has reflected cross-site scripting (XSS) vulnerability Moderate
CVE-2024-43407 was published for ckeditor/ckeditor (Composer) Aug 21, 2024
Rudloff
Concrete CMS Stored Cross-site Scripting vulnerability Moderate
CVE-2024-4350 was published for concrete5/concrete5 (Composer) Aug 12, 2024
Concrete CMS Stored XSS in getAttributeSetName Moderate
CVE-2024-7394 was published for concrete5/concrete5 (Composer) Aug 8, 2024
Microweber Reflected Cross-site scripting (XSS) vulnerability Moderate
CVE-2024-40101 was published for microweber/microweber (Composer) Aug 6, 2024
Microweber Cross Site Scripting (XSS) vulnerability Moderate
CVE-2024-41381 was published for microweber/microweber (Composer) Aug 5, 2024
Microweber Cross Site Scripting (XSS) vulnerability Moderate
CVE-2024-41380 was published for microweber/microweber (Composer) Aug 5, 2024
Concrete CMS vulnerable to Stored Cross-site Scripting Moderate
CVE-2024-4353 was published for concrete5/concrete5 (Composer) Aug 1, 2024
eZ Platform Admin UI vulnerable to DOM-based Cross-site Scripting in file upload widget Moderate
GHSA-gc5h-6jx9-q2qh was published for ezsystems/ezplatform-admin-ui (Composer) Jul 31, 2024
4rdr
Ibexa Admin UI vulnerable to DOM-based Cross-site Scripting in file upload widget Moderate
CVE-2024-39318 was published for ibexa/admin-ui (Composer) Jul 31, 2024
4rdr
Bolt CMS Cross-site Scripting vulnerability Moderate
CVE-2024-7300 was published for bolt/bolt (Composer) Jul 31, 2024
Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs Moderate
CVE-2024-41676 was published for openmage/magento-lts (Composer) Jul 29, 2024
justlife4x4 Flyingmana
Reflected Cross Site-Scripting (XSS) in Oveleon Cookiebar Moderate
CVE-2024-47069 was published for oveleon/contao-cookiebar (Composer) Jul 26, 2024
usdResponsibleDisclosure
Backdrop CMS does not sufficiently sanitize field labels before they are displayed in certain places Moderate
CVE-2024-41709 was published for backdrop/backdrop (Composer) Jul 22, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database