GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
78 advisories
Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field)
Low • CVE-2024-47058 was published for mautic/core (Composer) • Sep 18, 2024

Concrete CMS vulnerable to Stored Cross-site Scripting
Low • CVE-2024-7512 was published for concrete5/concrete5 (Composer) • Aug 12, 2024

Concrete CMS Stored Cross-site Scripting vulnerability
Low • CVE-2024-4350 was published for concrete5/concrete5 (Composer) • Aug 12, 2024

Concrete CMS Stored XSS in getAttributeSetName
Low • CVE-2024-7394 was published for concrete5/concrete5 (Composer) • Aug 8, 2024

October System module has a Reflected XSS via X-October-Request-Handler Header
Low • CVE-2024-25637 was published for october/system (Composer) • Jun 26, 2024

Silverstripe admin XSS Vulnerability via WYSIWYG editor
Low • GHSA-779c-7w4p-2c4g was published for silverstripe/admin (Composer) • May 22, 2024

TYPO3 vulnerable to an HTML Injection in the History Module
Low • CVE-2024-34355 was published for typo3/cms-core (Composer) • May 14, 2024

Concrete CMS Stored XSS in blocks of type file
Low • CVE-2024-3180 was published for concrete5/concrete5 (Composer) • Apr 3, 2024

Concrete CMS Stored XSS in the Custom Class page editing
Low • CVE-2024-3179 was published for concrete5/concrete5 (Composer) • Apr 3, 2024

Concrete CMS Cross-site Scripting (XSS) in the Advanced File Search Filter
Low • CVE-2024-3178 was published for concrete5/concrete5 (Composer) • Apr 3, 2024

Concrete CMS Stored XSS on the calendar color settings screen
Low • CVE-2024-2753 was published for concrete5/concrete5 (Composer) • Apr 3, 2024

Concrete CMS Stored XSS in the Search Field
Low • CVE-2024-3181 was published for concrete5/concrete5 (Composer) • Apr 3, 2024

RosarioSIS cross site scripting vulnerability
Low • CVE-2024-3138 was published for francoisjacquet/rosariosis (Composer) • Apr 2, 2024

Concrete CMS Stored Cross-site Scripting vulnerability
Low • CVE-2024-2179 was published for concrete5/concrete5 (Composer) • Mar 5, 2024

Concrete CMS vulnerable to stored XSS in file tags and description attributes
Low • CVE-2024-1245 was published for concrete5/concrete5 (Composer) • Feb 9, 2024

Concrete CMS vulnerable to reflected XSS via the Image URL Import Feature
Low • CVE-2024-1246 was published for concrete5/concrete5 (Composer) • Feb 9, 2024

Concrete CMS vulnerable to stored XSS via the Role Name field
Low • CVE-2024-1247 was published for concrete5/concrete5 (Composer) • Feb 9, 2024

Sulu HTML Injection via Autocomplete Suggestion
Low • CVE-2024-24807 was published for sulu/sulu (Composer) • Feb 5, 2024

Winter CMS Stored XSS through Backend ColorPicker FormWidget
Low • CVE-2023-52084 was published for winter/wn-backend-module (Composer) • Dec 28, 2023

Winter CMS Stored XSS through privileged upload of Media Manager file followed by renaming
Low • CVE-2023-52083 was published for winter/wn-system-module (Composer) • Dec 28, 2023

Withdrawn Advisory: Stored Cross-site scripting affecting automad/automad
Low • CVE-2023-7035 was published for automad/automad (Composer) • Dec 21, 2023 • withdrawn

Concrete CMS Cross-site Scripting vulnerability
Low • CVE-2023-48649 was published for concrete5/concrete5 (Composer) • Nov 17, 2023

Winter CMS stored XSS through privileged upload of SVG file
Low • CVE-2023-37269 was published for wintercms/winter (Composer) • Jul 7, 2023

CraftCMS stored XSS in Quick Post widget error message
Low • CVE-2023-33194 was published for craftcms/cms (Composer) • May 26, 2023

Concrete CMS (previously concrete5) is vulnerable to stored XSS in uploaded file and folder names
Low • CVE-2023-28819 was published for concrete5/concrete5 (Composer) • Apr 28, 2023

ProTip! Advisories are also available from the GraphQL API.