GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,887 advisories

Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane Moderate
CVE-2024-35218 was published for UmbracoCms.Core (NuGet) May 21, 2024
RaphaelCSSilva
AVideo cross-site scripting vulnerability in the view/about.php page Moderate
CVE-2024-34899 was published for wwbn/avideo (Composer) May 20, 2024
Passbolt API Stored XSS on first/last name during setup High
GHSA-2f46-4xjm-73x5 was published for passbolt/passbolt_api (Composer) May 20, 2024
Passbolt Api E-mail HTML injection Moderate
GHSA-v86m-j5f7-ccwh was published for passbolt/passbolt_api (Composer) May 20, 2024
Cross-site Scripting vulnerabilities in Neos High
GHSA-6cj3-rc4p-f38f was published for neos/neos (Composer) May 17, 2024
Laravel Cross-site Scripting (XSS) vulnerability in blade templating Moderate
GHSA-vr95-p7q6-8m9q was published for laravel/framework (Composer) May 15, 2024
Laravel Cross-site Scripting vulnerability in blade templating Moderate
GHSA-297g-xg4h-7w4c was published for illuminate/view (Composer) May 15, 2024
eZ Platform Admin UI is vulnerable to Cross-site Scripting (XSS) Moderate
GHSA-w9p3-26fx-5mp3 was published for ezsystems/platform-ui-assets-bundle (Composer) May 15, 2024
eZ Publish Legacy Cross-site Scripting (XSS) in 'disabled module' error template Moderate
GHSA-2vh3-cj9j-mcj5 was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
eZ Platform Admin UI Cross-site Scripting vulnerability High
GHSA-q73v-79x3-jv2w was published for ezsystems/ezplatform-admin-ui (Composer) May 15, 2024
eZ Platform Editor Cross-site Scripting (XSS) Moderate
GHSA-4c2w-v5rq-5mx7 was published for ezsystems/ezplatform-admin-ui-assets (Composer) May 15, 2024
Cross-site Scripting in eZFind spellcheck High
GHSA-9cq2-pcgr-8h62 was published for ezsystems/ezfind-ls (Composer) May 15, 2024
Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS High
GHSA-jq9q-6p42-qpr7 was published for ezsystems/ezdemo-ls-extension (Composer) May 15, 2024
Drupal Cross-Site Scripting (XSS) affecting CKEditor Third-party library Moderate
GHSA-qf65-hph9-453r was published for drupal/drupal (Composer) May 15, 2024
Drupal core Cross-Site Scripting (XSS) vulnerabilities Moderate
GHSA-vfgc-c76h-mwh4 was published for drupal/core (Composer) May 15, 2024
Inadequate XSS Prevention in CodeIgniter/Framework Security Library Moderate
GHSA-q9j3-4ghj-6h57 was published for codeigniter/framework (Composer) May 15, 2024
Mautic is vulnerable to XSS vulnerability Critical
CVE-2020-35125 was published for mautic/core (Composer) May 15, 2024
nvn1729
Grafana Spoofing originalUrl of snapshots Moderate
CVE-2022-39324 was published for github.com/grafana/grafana (Go) May 14, 2024
r3kumar
Grafana Stored Cross-site Scripting in Unified Alerting Moderate
CVE-2022-31097 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana proxy Cross-site Scripting Moderate
CVE-2022-21702 was published for github.com/grafana/grafana (Go) May 14, 2024
PrestaShop cross-site scripting via customer contact form in FO, through file upload Critical
CVE-2024-34716 was published for prestashop/prestashop (Composer) May 14, 2024
matthieu-rolland aelmokhtar
TYPO3 vulnerable to Cross-Site Scripting in the ShowImageController Moderate
CVE-2024-34357 was published for typo3/cms-core (Composer) May 14, 2024
derhansen ohader
TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module Moderate
CVE-2024-34356 was published for typo3/cms-core (Composer) May 14, 2024
bnf
TYPO3 vulnerable to an HTML Injection in the History Module Low
CVE-2024-34355 was published for typo3/cms-core (Composer) May 14, 2024
andreaskienast bnf
Konga is vulnerable to Cross Site Scripting (XSS) attacks Moderate
CVE-2024-34243 was published for kongadmin (npm) May 14, 2024