Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

3,887 advisories

Loading
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option Moderate
CVE-2024-38356 was published for TinyMCE (Composer) Jun 19, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements Moderate
CVE-2024-38357 was published for TinyMCE (Composer) Jun 19, 2024
Malav-MK
Moodle stored XSS via calendar's event title when deleting the event Moderate
CVE-2024-38274 was published for moodle/moodle (Composer) Jun 18, 2024
Magento Open Source Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-34105 was published for magento/community-edition (Composer) Jun 13, 2024
Invenio-Communities has a Cross-Site Scripting (XSS) vulnerability in React components Moderate
GHSA-hjx6-f647-mvf9 was published for invenio-communities (pip) Jun 12, 2024
WooCommerce has a Cross-Site Scripting (XSS) Vulnerability in checkout & registration forms Moderate
CVE-2024-37297 was published for woocommerce/woocommerce (Composer) Jun 12, 2024
SummerNote Cross Site Scripting Vulnerability Moderate
CVE-2024-37629 was published for summernote (npm) Jun 12, 2024
Jupyter Server Proxy has a reflected XSS issue in host parameter Critical
CVE-2024-35225 was published for jupyter-server-proxy (pip) Jun 11, 2024
dlqqq
ghtml Cross-Site Scripting (XSS) vulnerability High
CVE-2024-37166 was published for ghtml (npm) Jun 10, 2024
lirantal
Zend_Filter_StripTags vulnerable to Cross-site Scripting when comments allowed Moderate
GHSA-4vf6-mq7w-3hp6 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
Zendframework potential Cross-site Scripting vector in `Zend_Service_ReCaptcha_MailHide` Moderate
GHSA-4v57-pwvf-x35j was published for zendframework/zendframework1 (Composer) Jun 7, 2024
Zend-Form vulnerable to Cross-site Scripting Moderate
GHSA-gvpp-6jrj-5pqc was published for zendframework/zend-form (Composer) Jun 7, 2024
Zendframework Potential XSS or HTML Injection vector in Zend_Json Moderate
GHSA-vvm3-rv48-j3g5 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework Cross-site Scripting vector in `Zend_Filter_StripTags` Moderate
GHSA-gwpm-pm6x-h7rj was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework Potential Cross-site Scripting in Development Environment Error View Script Moderate
GHSA-g52p-86j5-xr8q was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework potential Cross-site Scripting vectors due to inconsistent encodings Moderate
GHSA-hg35-vqp3-fv39 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework potential Cross-site Scripting vector in `Zend_Dojo_View_Helper_Editor` Moderate
GHSA-j543-vg33-g6vj was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework has potential Cross-site Scripting vector in multiple view helpers Moderate
GHSA-m7hr-j867-3f34 was published for zendframework/zend-view (Composer) Jun 7, 2024
ZendFramework vulnerable to Cross-site Scripting Moderate
GHSA-5gmf-3c43-q73v was published for zendframework/zendframework (Composer) Jun 7, 2024
Zendframework has potential Cross-site Scripting vector in multiple view helpers Moderate
GHSA-8q77-cv62-jj38 was published for zendframework/zendframework (Composer) Jun 7, 2024
TYPO3 Cross-Site Scripting in Frontend User Login Moderate
GHSA-2rcw-9hrm-8q7q was published for typo3/cms (Composer) Jun 7, 2024
TYPO3 Cross-Site Scripting in Backend Modal Component Moderate
GHSA-7q33-hxwj-7p8v was published for typo3/cms (Composer) Jun 7, 2024
TYPO3 Cross-Site Scripting in Online Media Asset Rendering Moderate
GHSA-8m6j-p5jv-v69w was published for typo3/cms (Composer) Jun 7, 2024
Cross-site scripting (XSS) vulnerability in Description metadata Moderate
CVE-2024-37160 was published for getformwork/formwork (Composer) Jun 7, 2024
Kyokito1412
TYPO3 Cross-Site Scripting in Form Framework validation handling Moderate
GHSA-v8m4-3w37-ghxx was published for typo3/cms (Composer) Jun 7, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database