GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
84 advisories
XSS in enshrined/svg-sanitize due to mishandled script and data values in attributes
High
CVE-2019-18857
was published
for
enshrined/svg-sanitize
(Composer)
Jan 8, 2020
The filename of uploaded files vulnerable to stored XSS
High
CVE-2020-4041
was published
for
bolt/bolt
(Composer)
Jun 9, 2020
Cross-Site Scripting through Fluid view helper arguments
High
CVE-2020-26216
was published
for
typo3fluid/fluid
(Composer)
Nov 18, 2020
Cross-site scripting (XSS) from unsanitized uploaded SVG files in Kirby
High
CVE-2021-29460
was published
for
getkirby/cms
(Composer)
Apr 30, 2021
XSS vulnerability on asset view
High
CVE-2021-27912
was published
for
mautic/core
(Composer)
Sep 1, 2021
XSS vulnerability on contacts view
High
CVE-2021-27911
was published
for
mautic/core
(Composer)
Sep 1, 2021
Stored XSS vulnerability on Bounce Management Callback
High
CVE-2021-27910
was published
for
mautic/core
(Composer)
Sep 1, 2021
HTML comments vulnerability allowing to execute JavaScript code
High
CVE-2021-41165
was published
for
ckeditor/ckeditor
(Composer)
Nov 17, 2021
ProTip!
Advisories are also available from the
GraphQL API