Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

3,887 advisories

Loading
Pagekit Cross-site Scripting vulnerability Moderate
CVE-2024-45967 was published for pagekit/pagekit (Composer) Oct 1, 2024
starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field Moderate
CVE-2024-47536 was published for starcitizentools/citizen-skin (Composer) Sep 30, 2024
BlankEclair
Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting Critical
CVE-2024-47186 was published for filament/infolists (Composer) Sep 27, 2024
sv-LayZ danharrin
ReLaXed Cross-site Scripting vulnerability Low
CVE-2024-9283 was published for relaxedjs (npm) Sep 27, 2024
m3t3kh4n
Layui has DOM Clobbering gadgets that leads to Cross-site Scripting Moderate
CVE-2024-47075 was published for layui (npm) Sep 26, 2024
jackfromeast ishmeals
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184) Moderate
GHSA-75j2-9gmc-m855 was published for camaleon_cms (RubyGems) Sep 25, 2024
Cross-site scripting (XSS) in the clipboard package Moderate
CVE-2024-45613 was published for @ckeditor/ckeditor5-clipboard (npm) Sep 25, 2024
Flowise and Flowise Chat Embed vulnerable to Stored Cross-site Scripting Moderate
CVE-2024-9148 was published for flowise (npm) Sep 25, 2024
Cross site scripting in Concrete CMS Moderate
CVE-2024-7398 was published for concrete5/concrete5 (Composer) Sep 25, 2024
Cross site scripting in Concrete CMS Moderate
CVE-2024-8291 was published for concrete5/concrete5 (Composer) Sep 25, 2024
DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS High
CVE-2024-47068 was published for rollup (npm) Sep 23, 2024
jackfromeast ishmeals
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184) Moderate
GHSA-8fx8-3rg2-79xw was published for camaleon_cms (RubyGems) Sep 23, 2024
Prevent XSS from Confidant API call Moderate
CVE-2024-45793 was published for confidant (pip) Sep 20, 2024
whu-lyft meng-han
alejandroroiz achantavy heryxpc anshumanbh bstewart-lyft reindaelman
Plate allows arbitrary DOM attributes in element.attributes and leaf.attributes High
CVE-2024-47061 was published for @udecode/plate-core (npm) Sep 20, 2024
DOM Clobbering Gadget found in Rspack's AutoPublicPathRuntimeModule that leads to XSS Moderate
GHSA-84jw-g43v-8gjm was published for @rspack/core (npm) Sep 19, 2024
jackfromeast ishmeals
Mautic has an XSS in contact tracking and page hits report Moderate
CVE-2021-27917 was published for mautic/core (Composer) Sep 18, 2024
patrykgruszka lenonleite
escopecz
Mautic vulnerable to XSS in contact/company tracking (no authentication) Moderate
CVE-2024-47050 was published for mautic/core (Composer) Sep 18, 2024
mqrtin patrykgruszka
lenonleite escopecz
Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field) Moderate
CVE-2024-47058 was published for mautic/core (Composer) Sep 18, 2024
lenonleite escopecz
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184) Moderate
GHSA-r9cr-qmfw-pmrc was published for camaleon_cms (RubyGems) Sep 18, 2024
texpert
@backstage/plugin-techdocs-backend vulnerable to circumvention of cross site scripting protection Moderate
CVE-2024-46976 was published for @backstage/plugin-techdocs-backend (npm) Sep 17, 2024
Concrete CMS stored XSS vulnerability in the "Top Navigator Bar" block Moderate
CVE-2024-8660 was published for concrete5/concrete5 (Composer) Sep 17, 2024
Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS Moderate
CVE-2024-45812 was published for vite (npm) Sep 17, 2024
jackfromeast ishmeals
Wire UI has a JS XSS Vulnerability on route /wireui/button?label=Content Moderate
CVE-2024-45803 was published for wireui/wireui (Composer) Sep 17, 2024
sharathdn1 ph7jack
Contao affected by insert tag injection via canonical URL Moderate
CVE-2024-45612 was published for contao/core-bundle (Composer) Sep 17, 2024
aschempp
Concrete CMS Stored XSS in the "Next&Previous Nav" block Moderate
CVE-2024-8661 was published for concrete5/concrete5 (Composer) Sep 16, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database