GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
132 advisories
Filter by severity
Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field)
Low
CVE-2024-47058
was published
for
mautic/core
(Composer)
Sep 18, 2024
Cabot Cross Site Scripting (XSS) vulnerability via Endpoint column
Low
CVE-2020-7734
was published
for
cabot
(pip)
May 24, 2022
Concrete CMS Stored Cross-site Scripting vulnerability
Low
CVE-2024-2179
was published
for
concrete5/concrete5
(Composer)
Mar 5, 2024
Concrete CMS vulnerable to Stored Cross-site Scripting
Low
CVE-2024-7512
was published
for
concrete5/concrete5
(Composer)
Aug 12, 2024
Withdrawn Advisory: Stored Cross-site scripting affecting automad/automad
Low
CVE-2023-7035
was published
for
automad/automad
(Composer)
Dec 21, 2023
•
withdrawn
CKEditor4 low-risk cross-site scripting (XSS) vulnerability linked to potential domain takeover
Low
CVE-2024-43411
was published
for
ckeditor4
(npm)
Aug 21, 2024
Concrete CMS Stored Cross-site Scripting vulnerability
Low
CVE-2024-4350
was published
for
concrete5/concrete5
(Composer)
Aug 12, 2024
Concrete CMS Stored XSS in getAttributeSetName
Low
CVE-2024-7394
was published
for
concrete5/concrete5
(Composer)
Aug 8, 2024
Concrete CMS Stored XSS in blocks of type file
Low
CVE-2024-3180
was published
for
concrete5/concrete5
(Composer)
Apr 3, 2024
Mattermost Cross-site Scripting vulnerability
Low
CVE-2023-7113
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Dec 29, 2023
DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document
Low
CVE-2024-38364
was published
for
org.dspace:dspace-server-webapp
(Maven)
Jun 25, 2024
October System module has a Reflected XSS via X-October-Request-Handler Header
Low
CVE-2024-25637
was published
for
october/system
(Composer)
Jun 26, 2024
Arbitrary JavaScript execution due to using outdated libraries
Low
GHSA-4m3g-6r7g-jv4f
was published
for
gradio_pdf
(pip)
Jun 5, 2024
Umbraco Forms components vulnerable to Stored Cross-site Scripting
Low
CVE-2024-35239
was published
for
Umbraco.Forms
(NuGet)
May 28, 2024
vxe-table Cross-site Scripting vulnerability
Low
CVE-2023-1001
was published
for
vxe-table
(npm)
May 24, 2024
Silverstripe admin XSS Vulnerability via WYSIWYG editor
Low
GHSA-779c-7w4p-2c4g
was published
for
silverstripe/admin
(Composer)
May 22, 2024
OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability in the Host Aggregates interface
Low
CVE-2014-3594
was published
for
horizon
(pip)
May 13, 2022
TYPO3 vulnerable to an HTML Injection in the History Module
Low
CVE-2024-34355
was published
for
typo3/cms-core
(Composer)
May 14, 2024
MoinMoin Cross-site Scripting (XSS) vulnerability
Low
CVE-2011-1058
was published
for
moin
(pip)
May 17, 2022
MoinMoin Cross-site Scripting (XSS) vulnerability
Low
CVE-2010-0828
was published
for
moin
(pip)
May 2, 2022
TYPO3 cross-site scripting (XSS)
Low
CVE-2015-5956
was published
for
typo3/cms
(Composer)
May 14, 2022
Concrete CMS Stored XSS in the Search Field
Low
CVE-2024-3181
was published
for
concrete5/concrete5
(Composer)
Apr 3, 2024
Concrete CMS Stored XSS in the Custom Class page editing
Low
CVE-2024-3179
was published
for
concrete5/concrete5
(Composer)
Apr 3, 2024
Concrete CMS Cross-site Scripting (XSS) in the Advanced File Search Filter
Low
CVE-2024-3178
was published
for
concrete5/concrete5
(Composer)
Apr 3, 2024
ProTip!
Advisories are also available from the
GraphQL API