GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
84 advisories
Filter by severity
LibreNMS Cross-site Scripting vulnerability
High
CVE-2023-4347
was published
for
librenms/librenms
(Composer)
Aug 15, 2023
Cockpit Cross-site Scripting vulnerability
High
CVE-2023-4321
was published
for
cockpit-hq/cockpit
(Composer)
Aug 14, 2023
Cockpit Cross-site Scripting vulnerability
High
CVE-2023-4196
was published
for
cockpit-hq/cockpit
(Composer)
Aug 6, 2023
phpMyFAQ Stored Cross-site Scripting vulnerability
High
CVE-2023-4007
was published
for
thorsten/phpmyfaq
(Composer)
Jul 31, 2023
TeamPass Cross-site Scripting vulnerability
High
CVE-2023-3531
was published
for
nilsteampassnet/teampass
(Composer)
Jul 6, 2023
TeamPass vulnerable to stored Cross-site Scripting
High
CVE-2023-3084
was published
for
nilsteampassnet/teampass
(Composer)
Jun 3, 2023
TeamPass vulnerable to stored Cross-site Scripting
High
CVE-2023-3083
was published
for
nilsteampassnet/teampass
(Composer)
Jun 3, 2023
teampass vulnerable to code injection
High
CVE-2023-2591
was published
for
nilsteampassnet/teampass
(Composer)
May 9, 2023
Cross Site Scripting in thorsten/phpmyfaq
High
CVE-2023-2550
was published
for
thorsten/phpmyfaq
(Composer)
May 5, 2023
WWBN/AVideo stored XSS vulnerability leads to takeover of any user's account, including admin's account
High
CVE-2023-30860
was published
for
wwbn/avideo
(Composer)
May 1, 2023
Cross site scripting (XSS) in wwbn/avideo
High
GHSA-2fch-hv74-fgw9
was published
for
wwbn/avideo
(Composer)
Apr 26, 2023
Possible XSS injection through Validate::isCleanHTML method
High
CVE-2023-30838
was published
for
prestashop/prestashop
(Composer)
Apr 25, 2023
thorsten/phpmyfaq vulnerable to DOM cross-site scripting (XSS) via configuration privacy note URL parameter
High
CVE-2023-1882
was published
for
thorsten/phpmyfaq
(Composer)
Apr 5, 2023
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) in FAQ comment username parameter
High
CVE-2023-1758
was published
for
thorsten/phpmyfaq
(Composer)
Apr 5, 2023
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via FAQ News link parameter
High
CVE-2023-1757
was published
for
thorsten/phpmyfaq
(Composer)
Apr 5, 2023
Microweber vulnerable to stored cross-site scripting (XSS) via X-Forwarded-For header
High
CVE-2023-1881
was published
for
microweber/microweber
(Composer)
Apr 5, 2023
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via adminlog
High
CVE-2023-1878
was published
for
thorsten/phpmyfaq
(Composer)
Apr 5, 2023
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via artlang parameter
High
CVE-2023-1880
was published
for
thorsten/phpmyfaq
(Composer)
Apr 5, 2023
smarty Cross-site Scripting vulnerability in Javascript escaping
High
CVE-2023-28447
was published
for
smarty/smarty
(Composer)
Mar 29, 2023
TYPO3 is vulnerable to Cross-Site Scripting via frontend rendering
High
CVE-2023-24814
was published
for
typo3/cms
(Composer)
Feb 8, 2023
Cross-site Scripting in librenms/librenms
High
CVE-2022-4068
was published
for
librenms/librenms
(Composer)
Nov 20, 2022
phpMyFAQ vulnerable to Cross-site Scripting
High
CVE-2022-3608
was published
for
phpmyfaq/phpmyfaq
(Composer)
Oct 19, 2022
Moodle Stored Cross-site Scripting and page denial of service
High
CVE-2022-40313
was published
for
moodle/moodle
(Composer)
Oct 1, 2022
Cross-site scripting from content entered in the tags and multiselect fields
High
GHSA-rv3r-vqjj-8c76
was published
for
getkirby/cms
(Composer)
Aug 30, 2022
Possible cross-site scripting attack via unsanitized SVG files in FoF Upload
High
CVE-2022-30999
was published
for
fof/upload
(Composer)
May 25, 2022
ProTip!
Advisories are also available from the
GraphQL API