GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
37,022 advisories
Cross-site Scripting in LaraCMS
Moderate. CVE-2020-20129 was published for wanglelecc/laracms (Composer), Oct 4, 2021

Cross-site scripting in Centreon
Moderate. CVE-2021-27676 was published for centreon/centreon (Composer), Jun 8, 2021

Cross-site Scripting in TYPO3 extension
Moderate. CVE-2021-36785 was published for miniorange/miniorange-saml (Composer), Aug 30, 2021

Cross-site scripting in demos/demo.mysqli.php in getID3
Moderate. CVE-2021-40926 was published for james-heinrich/getid3 (Composer), Oct 4, 2021

Improper Neutralization of Text-Values in Object Version Preview
High. CVE-2021-39166 was published for pimcore/pimcore (Composer), Sep 1, 2021

Improper Encoding or Escaping of Output in Asset Metadata Component
High. CVE-2021-39170 was published for pimcore/pimcore (Composer), Sep 1, 2021

Cross-site Scripting in jsoneditor
Moderate. CVE-2020-23849 was published for jsoneditor (npm), Oct 12, 2021

Cross-site Scripting in Mermaid
Moderate. CVE-2021-35513 was published for mermaid (npm), Dec 10, 2021

Cross-site Scripting in GilaCMS
Moderate. CVE-2020-20696 was published for gilacms/gila (Composer), Sep 30, 2021

Cross Site Scripting in Microweber
Moderate. CVE-2021-33988 was published for microweber/microweber (Composer), Oct 25, 2021

XSS Injection in Media Collection Title was possible
Moderate. CVE-2021-32737 was published for sulu/sulu (Composer), Jul 2, 2021

XSS vulnerability allowing arbitrary JavaScript execution
Moderate. CVE-2021-41174 was published for @grafana/data (npm), Nov 8, 2021

Cross-site scripting in anchorme
Moderate. CVE-2021-23411 was published for anchorme (npm), Jul 26, 2021

Cross-site Scripting in Froala Editor
Moderate. CVE-2021-30109 was published for froala-editor (npm), Oct 6, 2021

Stored XSS with custom URLs in PrestaShop module ps_linklist
Moderate. CVE-2020-5273 was published for prestashop/ps_linklist (Composer), Oct 12, 2021

Cross-site scripting (XSS) from image block content in the site frontend
Moderate. CVE-2021-41258 was published for getkirby/cms (Composer), Nov 16, 2021

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in sulu/sulu
Moderate. CVE-2021-41169 was published for sulu/sulu (Composer), Oct 22, 2021

Cross-site Scripting in snipe-it
Moderate. CVE-2021-3879 was published for snipe/snipe-it (Composer), Oct 21, 2021

Cross-site scripting in forkcms
Moderate. CVE-2020-23049 was published for forkcms/forkcms (Composer), Oct 25, 2021

Cross-Site Scripting via SVG media files
High. CVE-2021-37710 was published for shopware/core (Composer), Aug 23, 2021

Cross-site Scripting in PiranhaCMS
Moderate. CVE-2021-25977 was published for Piranha (NuGet), Oct 27, 2021

Claroline 13.5.7 and prior is vulnerable to Cross Site Scripting (XSS) via SVG file upload.
Moderate, Unreviewed. CVE-2022-37161 was published Aug 26, 2022

XSS vulnerability in GraphQL Playground from untrusted schemas
High. CVE-2021-41249 was published for graphql-playground-react (npm), Nov 8, 2021

ProTip! Advisories are also available from the GraphQL API