Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,748
Erlang
35
GitHub Actions
29
Go
2,321
Maven
5,000+
npm
3,955
NuGet
712
pip
3,736
Pub
12
RubyGems
921
Rust
972
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,884 advisories

Loading
WSO2 products vulnerable to Cross-site Scripting Moderate
CVE-2024-8008 was published for org.wso2.carbon.identity.framework:org.wso2.carbon.identity.user.store.configuration.ui (Maven) Jun 2, 2025
Cross-site Scripting (XSS) in serialize-javascript Moderate
CVE-2024-11831 was published for serialize-javascript (npm) Feb 10, 2025
mhassan1
MantisBT XSS via my_view_page.php and view_user_page.php Moderate
CVE-2017-7897 was published for mantisbt/mantisbt (Composer) May 17, 2022
Drupal Core Cross-Site Scripting (XSS) Moderate
CVE-2024-12393 was published for drupal/core (Composer) Dec 10, 2024
Froxlor has an HTML Injection Vulnerability Moderate
CVE-2025-48958 was published for froxlor/froxlor (Composer) Mar 11, 2025
BenefactorYuvi
Gokapi vulnerable to stored XSS via uploading file with malicious file name Moderate
CVE-2025-48494 was published for github.com/forceu/gokapi (Go) Jun 3, 2025
4rdr Forceu
Gokapi has stored XSS vulnerability in friendly name for API keys Moderate
CVE-2025-48495 was published for github.com/forceu/gokapi (Go) Jun 3, 2025
Forceu
Chrome PHP is missing encoding in `CssSelector` Moderate
CVE-2025-48883 was published for chrome-php/chrome (Composer) May 28, 2025
divinity76 GrahamCampbell
enricodias
Moodle stored Cross-site Scripting (XSS) Moderate
CVE-2024-33997 was published for moodle/moodle (Composer) May 31, 2024
AnonySE26
MantisBT allows XSS on the Edit Filter page via crafted filter name Moderate
CVE-2018-14504 was published for mantisbt/mantisbt (Composer) May 14, 2022
MantisBT allows XSS via View Filters page Moderate
CVE-2018-13055 was published for mantisbt/mantisbt (Composer) May 14, 2022
MantisBT allows XSS via the Manage Filter page Moderate
CVE-2018-17782 was published for mantisbt/mantisbt (Composer) May 14, 2022
MantisBT allows XSS via Edit Filter page Moderate
CVE-2018-17783 was published for mantisbt/mantisbt (Composer) May 14, 2022
MantisBT XSS allows unsanitized input via admin/install.php Moderate
CVE-2017-12061 was published for mantisbt/mantisbt (Composer) May 13, 2022
MantisBT XSS in manage_custom_field_update.php Moderate
CVE-2020-35571 was published for mantisbt/mantisbt (Composer) May 24, 2022
MantisBT allows XSS in manage_custom_field_edit_page.php Moderate
CVE-2021-33557 was published for mantisbt/mantisbt (Composer) May 24, 2022
MantisBT XXS where a Custom Field with a crafted Regular Expression property is used Moderate
CVE-2020-25288 was published for mantisbt/mantisbt (Composer) May 24, 2022
MantisBT XSS issue on the view_all_bug_page.php Moderate
CVE-2020-16266 was published for mantisbt/mantisbt (Composer) May 24, 2022
MantisBT XSS when uploading an attachment Moderate
CVE-2019-15539 was published for mantisbt/mantisbt (Composer) May 24, 2022
MantisBT allows cross-site scripting (XSS) via crafted filename Moderate
CVE-2019-15074 was published for mantisbt/mantisbt (Composer) May 24, 2022
MantisBT cross-site scripting (XSS) vulnerability through crafted PATH_INFO Moderate
CVE-2018-16514 was published for mantisbt/mantisbt (Composer) May 24, 2022
Liferay Portal Fragment Module and Liferay DXP Vulnerable to Cross-Site Scripting Moderate
CVE-2021-33339 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Liferay Portal Journal Module and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2021-33336 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2021-33332 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Asset Publisher App Moderate
CVE-2021-29051 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database