GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,201 advisories
Filter by severity
Cross site scripting in opencart
Moderate
CVE-2024-21515
was published
for
opencart/opencart
(Composer)
Jun 22, 2024
Cross site scripting in opencart
Moderate
CVE-2024-21517
was published
for
opencart/opencart
(Composer)
Jun 22, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
Moderate
CVE-2024-38356
was published
for
TinyMCE
(Composer)
Jun 19, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements
Moderate
CVE-2024-38357
was published
for
TinyMCE
(Composer)
Jun 19, 2024
Moodle stored XSS via calendar's event title when deleting the event
Moderate
CVE-2024-38274
was published
for
moodle/moodle
(Composer)
Jun 18, 2024
Magento Open Source Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-34105
was published
for
magento/community-edition
(Composer)
Jun 13, 2024
WooCommerce has a Cross-Site Scripting (XSS) Vulnerability in checkout & registration forms
Moderate
CVE-2024-37297
was published
for
woocommerce/woocommerce
(Composer)
Jun 12, 2024
Zend_Filter_StripTags vulnerable to Cross-site Scripting when comments allowed
Moderate
GHSA-4vf6-mq7w-3hp6
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
Zendframework potential Cross-site Scripting vector in `Zend_Service_ReCaptcha_MailHide`
Moderate
GHSA-4v57-pwvf-x35j
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
Zend-Form vulnerable to Cross-site Scripting
Moderate
GHSA-gvpp-6jrj-5pqc
was published
for
zendframework/zend-form
(Composer)
Jun 7, 2024
Zendframework Potential XSS or HTML Injection vector in Zend_Json
Moderate
GHSA-vvm3-rv48-j3g5
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework Cross-site Scripting vector in `Zend_Filter_StripTags`
Moderate
GHSA-gwpm-pm6x-h7rj
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework Potential Cross-site Scripting in Development Environment Error View Script
Moderate
GHSA-g52p-86j5-xr8q
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework potential Cross-site Scripting vectors due to inconsistent encodings
Moderate
GHSA-hg35-vqp3-fv39
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework potential Cross-site Scripting vector in `Zend_Dojo_View_Helper_Editor`
Moderate
GHSA-j543-vg33-g6vj
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework has potential Cross-site Scripting vector in multiple view helpers
Moderate
GHSA-m7hr-j867-3f34
was published
for
zendframework/zend-view
(Composer)
Jun 7, 2024
ZendFramework vulnerable to Cross-site Scripting
Moderate
GHSA-5gmf-3c43-q73v
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
Zendframework has potential Cross-site Scripting vector in multiple view helpers
Moderate
GHSA-8q77-cv62-jj38
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
TYPO3 Cross-Site Scripting in Frontend User Login
Moderate
GHSA-2rcw-9hrm-8q7q
was published
for
typo3/cms
(Composer)
Jun 7, 2024
TYPO3 Cross-Site Scripting in Backend Modal Component
Moderate
GHSA-7q33-hxwj-7p8v
was published
for
typo3/cms
(Composer)
Jun 7, 2024
TYPO3 Cross-Site Scripting in Online Media Asset Rendering
Moderate
GHSA-8m6j-p5jv-v69w
was published
for
typo3/cms
(Composer)
Jun 7, 2024
Cross-site scripting (XSS) vulnerability in Description metadata
Moderate
CVE-2024-37160
was published
for
getformwork/formwork
(Composer)
Jun 7, 2024
TYPO3 Cross-Site Scripting in Form Framework validation handling
Moderate
GHSA-v8m4-3w37-ghxx
was published
for
typo3/cms
(Composer)
Jun 7, 2024
TYPO3 Cross-Site Scripting in Form Framework
Moderate
GHSA-4h5c-5g25-v7fh
was published
for
typo3/cms
(Composer)
Jun 7, 2024
TYPO3 Cross-Site Scripting in Link Handling
Moderate
GHSA-xgmx-j3hv-jh9x
was published
for
typo3/cms
(Composer)
Jun 7, 2024
ProTip!
Advisories are also available from the
GraphQL API