Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,051
Erlang
29
GitHub Actions
19
Go
1,887
Maven
5,000+
npm
3,602
NuGet
638
pip
3,205
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,381 advisories

Loading
PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via style information Moderate
CVE-2024-45046 was published for phpoffice/phpspreadsheet (Composer) Aug 29, 2024
emilvirkki marcinwealthon
neodc
Automad Cross-site Scripting vulnerability Moderate
CVE-2024-40111 was published for automad/automad (Composer) Aug 23, 2024 withdrawn
marcantondahmen
Persistent Cross-site Scripting in eZ Platform Rich Text Field Type High
CVE-2024-43372 was published for ezsystems/ezplatform-richtext (Composer) Aug 14, 2024
4rdr
Persistent Cross-site Scripting in Ibexa RichText Field Type High
CVE-2024-43369 was published for ibexa/fieldtype-richtext (Composer) Aug 14, 2024
4rdr
Concrete CMS vulnerable to Stored Cross-site Scripting Low
CVE-2024-7512 was published for concrete5/concrete5 (Composer) Aug 12, 2024
Concrete CMS Stored Cross-site Scripting vulnerability Low
CVE-2024-4350 was published for concrete5/concrete5 (Composer) Aug 12, 2024
Concrete CMS Stored XSS in getAttributeSetName Low
CVE-2024-7394 was published for concrete5/concrete5 (Composer) Aug 8, 2024
Microweber Reflected Cross-site scripting (XSS) vulnerability Moderate
CVE-2024-40101 was published for microweber/microweber (Composer) Aug 6, 2024
Microweber Cross Site Scripting (XSS) vulnerability Moderate
CVE-2024-41380 was published for microweber/microweber (Composer) Aug 5, 2024
Microweber Cross Site Scripting (XSS) vulnerability Moderate
CVE-2024-41381 was published for microweber/microweber (Composer) Aug 5, 2024
eZ Platform Admin UI vulnerable to DOM-based Cross-site Scripting in file upload widget Moderate
GHSA-gc5h-6jx9-q2qh was published for ezsystems/ezplatform-admin-ui (Composer) Jul 31, 2024
4rdr
Ibexa Admin UI vulnerable to DOM-based Cross-site Scripting in file upload widget Moderate
CVE-2024-39318 was published for ibexa/admin-ui (Composer) Jul 31, 2024
4rdr
Bolt CMS Cross-site Scripting vulnerability Moderate
CVE-2024-7300 was published for bolt/bolt (Composer) Jul 31, 2024
Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs Moderate
CVE-2024-41676 was published for openmage/magento-lts (Composer) Jul 29, 2024
justlife4x4 Flyingmana
ICEcoder vulnerable to Cross Site Scripting Moderate
CVE-2024-41374 was published for icecoder/icecoder (Composer) Jul 26, 2024
ICEcoder vulnerable to Cross Site Scripting Moderate
CVE-2024-41375 was published for icecoder/icecoder (Composer) Jul 26, 2024
Reflected Cross Site-Scripting (XSS) in Oveleon Cookiebar Moderate
GHSA-296q-rj83-g9rq was published for oveleon/contao-cookiebar (Composer) Jul 26, 2024
usdResponsibleDisclosure
Backdrop CMS does not sufficiently sanitize field labels before they are displayed in certain places Moderate
CVE-2024-41709 was published for backdrop/backdrop (Composer) Jul 22, 2024
Silverstripe uses TinyMCE which allows svg files linked in object tags Moderate
GHSA-52cw-pvq9-9m5v was published for silverstripe/framework (Composer) Jul 17, 2024
Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payload Moderate
CVE-2024-32981 was published for silverstripe/framework (Composer) Jul 17, 2024
Login by Auth0 plugin for WordPress vulnerable to Reflected Cross-Site Scripting Moderate
CVE-2023-6813 was published for auth0/wordpress (Composer) Jul 11, 2024
Bootstrap Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-6484 was published for bootstrap (RubyGems) Jul 11, 2024
metametadata
Bootstrap Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-6531 was published for bootstrap (RubyGems) Jul 11, 2024
alexeyNeklesa-idt metametadata
BookStack Incorrect Access Control vulnerability High
CVE-2024-36676 was published for ssddanbrown/bookstack (Composer) Jul 10, 2024
October System module has a Reflected XSS via X-October-Request-Handler Header Low
CVE-2024-25637 was published for october/system (Composer) Jun 26, 2024
ProTip! Advisories are also available from the GraphQL API