GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,201 advisories
Filter by severity
Cross-Site Scripting in TYPO3 CMS Link Handling
Moderate
CVE-2020-11065
was published
for
typo3/cms
(Composer)
May 13, 2020
Cross-Site Scripting in TYPO3 CMS Form Engine
Moderate
CVE-2020-11064
was published
for
typo3/cms
(Composer)
May 13, 2020
Cross-Site Scripting in SVG Sanitizer
Moderate
CVE-2020-11070
was published
for
t3g/svg-sanitizer
(Composer)
May 13, 2020
Cross-Site Scripting in BookStack
Moderate
CVE-2020-11055
was published
for
ssddanbrown/bookstack
(Composer)
May 7, 2020
XSS injection in the Grid component of Sylius
Moderate
CVE-2019-12186
was published
for
sylius/grid
(Composer)
Apr 15, 2020
Cross-site scripting in PHPMailer
Moderate
CVE-2017-11503
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
Sanitizer bypass in svg-sanitizer
Moderate
CVE-2019-10772
was published
for
enshrined/svg-sanitize
(Composer)
Feb 27, 2020
Reflected XSS in SilverStripe
Moderate
CVE-2019-19325
was published
for
silverstripe/framework
(Composer)
Feb 24, 2020
XSS in Dolibarr ERP & CRM
Moderate
CVE-2020-7996
was published
for
dolibarr/dolibarr
(Composer)
Jan 28, 2020
Persistent XSS vulnerability in filename of attached file in PrivateBin
Moderate
CVE-2020-5223
was published
for
privatebin/privatebin
(Composer)
Jan 14, 2020
Symfony Cross-site Scripting (XSS) vulnerability
Moderate
CVE-2019-10909
was published
for
drupal/core
(Composer)
Nov 12, 2019
Composer JavaScript injection possible via html comments
Moderate
CVE-2019-8233
was published
for
magento/community-edition
(Composer)
Nov 12, 2019
Magento Cross-Site Scripting via Attribute Set Name
Moderate
CVE-2019-8145
was published
for
magento/community-edition
(Composer)
Nov 12, 2019
Cross-site Scripting in Grav
Moderate
CVE-2019-16126
was published
for
getgrav/grav
(Composer)
Nov 8, 2019
Cross-site scripting in Dolibarr
Moderate
CVE-2019-16197
was published
for
dolibarr/dolibarr
(Composer)
Nov 8, 2019
Cross-site Scripting in Bolt
Moderate
CVE-2019-15485
was published
for
bolt/bolt
(Composer)
Nov 8, 2019
Cross-site Scripting in YII2-CMS
Moderate
CVE-2019-16130
was published
for
yii2mod/yii2-cms
(Composer)
Oct 14, 2019
Moderate severity vulnerability that affects league/commonmark
Moderate
CVE-2019-10010
was published
for
league/commonmark
(Composer)
Sep 17, 2019
Bootstrap Vulnerable to Cross-Site Scripting
Moderate
CVE-2019-8331
was published
for
Bootstrap.Less
(RubyGems)
Feb 22, 2019
bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-20677
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
XSS vulnerability that affects bootstrap
Moderate
CVE-2018-20676
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2016-10735
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
Ckeditor XSS Vulnerability
Moderate
CVE-2018-17960
was published
for
ckeditor
(Composer)
Nov 21, 2018
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14042
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
ProTip!
Advisories are also available from the
GraphQL API