Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,743
Erlang
35
GitHub Actions
29
Go
2,315
Maven
5,000+
npm
3,949
NuGet
711
pip
3,729
Pub
12
RubyGems
920
Rust
965
Swift
38
Unreviewed advisories
All unreviewed
5,000+

3,687 advisories

Loading
Chrome PHP is missing encoding in `CssSelector` Moderate
CVE-2025-48883 was published for chrome-php/chrome (Composer) May 28, 2025
divinity76 GrahamCampbell
enricodias
Moodle stored Cross-site Scripting (XSS) Moderate
CVE-2024-33997 was published for moodle/moodle (Composer) May 31, 2024
AnonySE26
MantisBT allows XSS on the Edit Filter page via crafted filter name Moderate
CVE-2018-14504 was published for mantisbt/mantisbt (Composer) May 14, 2022
MantisBT allows XSS via View Filters page Moderate
CVE-2018-13055 was published for mantisbt/mantisbt (Composer) May 14, 2022
MantisBT allows XSS via the Manage Filter page Moderate
CVE-2018-17782 was published for mantisbt/mantisbt (Composer) May 14, 2022
MantisBT allows XSS via Edit Filter page Moderate
CVE-2018-17783 was published for mantisbt/mantisbt (Composer) May 14, 2022
MantisBT XSS allows unsanitized input via admin/install.php Moderate
CVE-2017-12061 was published for mantisbt/mantisbt (Composer) May 13, 2022
MantisBT XSS in manage_custom_field_update.php Moderate
CVE-2020-35571 was published for mantisbt/mantisbt (Composer) May 24, 2022
Argo CD allows cross-site scripting on repositories page Critical
CVE-2025-47933 was published for github.com/argoproj/argo-cd (Go) May 28, 2025
Ry0taK crenshaw-dev
MantisBT allows XSS in manage_custom_field_edit_page.php Moderate
CVE-2021-33557 was published for mantisbt/mantisbt (Composer) May 24, 2022
MantisBT XXS where a Custom Field with a crafted Regular Expression property is used Moderate
CVE-2020-25288 was published for mantisbt/mantisbt (Composer) May 24, 2022
MantisBT XSS issue on the view_all_bug_page.php Moderate
CVE-2020-16266 was published for mantisbt/mantisbt (Composer) May 24, 2022
MantisBT XSS when uploading an attachment Moderate
CVE-2019-15539 was published for mantisbt/mantisbt (Composer) May 24, 2022
MantisBT allows cross-site scripting (XSS) via crafted filename Moderate
CVE-2019-15074 was published for mantisbt/mantisbt (Composer) May 24, 2022
MantisBT cross-site scripting (XSS) vulnerability through crafted PATH_INFO Moderate
CVE-2018-16514 was published for mantisbt/mantisbt (Composer) May 24, 2022
Liferay Portal Fragment Module and Liferay DXP Vulnerable to Cross-Site Scripting Moderate
CVE-2021-33339 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Liferay Portal Journal Module and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2021-33336 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2021-33332 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in Asset Publisher App Moderate
CVE-2021-29051 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Liferay Portal and Liferay DXP Vulnerable to Cross-Site Scripting (XSS) in the Layout Admin Page Moderate
CVE-2021-29048 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Gogs vulnerable to Cross-site Scripting Critical
CVE-2022-32174 was published for gogs.io/gogs (Go) Oct 11, 2022
Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin High
CVE-2025-4123 was published for github.com/grafana/grafana (Go) May 22, 2025
io.jmix.rest:jmix-rest allows XSS in the /files Endpoint of the Generic REST API Moderate
CVE-2025-32951 was published for io.jmix.rest:jmix-rest (Maven) Apr 22, 2025
AnonySE26
Reflected Cross-Site Scripting (XSS) in module actions in edit mode Moderate
CVE-2025-48377 was published for DotNetNuke.Core (NuGet) May 23, 2025
bdukes david-poindexter
valadas
DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline Moderate
CVE-2025-48378 was published for DotNetNuke.Core (NuGet) May 23, 2025
bdukes david-poindexter
valadas
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database