Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,489
Maven
5,000+
npm
4,105
NuGet
735
pip
3,927
Pub
12
RubyGems
945
Rust
1,017
Swift
39
Unreviewed advisories
All unreviewed
5,000+

4,857 advisories

Loading
Ibexa Admin UI assets XSS vulnerabilities in back office Moderate
GHSA-vhgq-r8gx-5fpv was published for ibexa/admin-ui-assets (Composer) Jun 13, 2025
Ibexa eZ Platform Admin UI assets XSS vulnerabilities in back office Moderate
GHSA-r5rx-53g9-25rj was published for ezsystems/ezplatform-admin-ui-assets (Composer) Jun 13, 2025
Ibexa eZ Platform Admin UI XSS vulnerabilities in back office Moderate
GHSA-r7pm-mw8g-p7px was published for ezsystems/ezplatform-admin-ui (Composer) Jun 13, 2025
starcitizentools/citizen-skin allows stored XSS in user registration date message Moderate
CVE-2025-49578 was published for starcitizentools/citizen-skin (Composer) Jun 13, 2025
SomeMWDev
starcitizentools/citizen-skin allows stored XSS in menu heading message Moderate
CVE-2025-49579 was published for starcitizentools/citizen-skin (Composer) Jun 13, 2025
SomeMWDev
starcitizentools/citizen-skin allows stored XSS in preference menu heading messages Moderate
CVE-2025-49577 was published for starcitizentools/citizen-skin (Composer) Jun 13, 2025
SomeMWDev
starcitizentools/citizen-skin allows stored XSS in search no result messages Moderate
CVE-2025-49576 was published for starcitizentools/citizen-skin (Composer) Jun 13, 2025
SomeMWDev
Citizen skin vulnerable to stored XSS through multiple system messages Moderate
CVE-2025-49575 was published for starcitizentools/citizen-skin (Composer) Jun 11, 2025
SomeMWDev
HAX CMS vulnerable to Local File Inclusion via saveOutline API Location Parameter Moderate
CVE-2025-49138 was published for elmsln/haxcms (Composer) Jun 9, 2025
Indigo-10
MantisBT XSS through weak CSP when using Gravatar plugin Moderate
CVE-2016-7111 was published for mantisbt/mantisbt (Composer) May 17, 2022
MantisBT XSS via adm_config_report.php's action parameter Moderate
CVE-2017-6973 was published for mantisbt/mantisbt (Composer) May 17, 2022
MantisBT XSS via move_attachments_page.php Moderate
CVE-2017-7241 was published for mantisbt/mantisbt (Composer) May 17, 2022
Drupal Admin Audit Trail Allocation of Resources Without Limits or Throttling vulnerability High
CVE-2025-48448 was published for drupal/admin_audit_trail (Composer) Jun 11, 2025
Drupal Lightgallery Cross-site Scripting vulnerability Moderate
CVE-2025-48447 was published for drupal/lightgallery (Composer) Jun 11, 2025
Drupal Quick Node Block Missing Authorization vulnerability Moderate
CVE-2025-48444 was published for drupal/quick_node_block (Composer) Jun 11, 2025
Drupal Commerce Alphabank Redirect Incorrect Authorization vulnerability High
CVE-2025-48446 was published for drupal/commerce_alphabank_redirect (Composer) Jun 11, 2025
Drupal Commerce Eurobank (Redirect) Incorrect Authorization vulnerability High
CVE-2025-48445 was published for drupal/commerce_eurobank_redirect (Composer) Jun 11, 2025
Drupal Quick Node Block Missing Authorization vulnerability Moderate
CVE-2025-48013 was published for drupal/quick_node_block (Composer) Jun 11, 2025
MantisBT XSS through crafted SVG documents in file_download.php Moderate
CVE-2022-33910 was published for mantisbt/mantisbt (Composer) Jun 25, 2022
MantisBT vulnerable to XSS through config_option parameter in adm_config_report.php Moderate
CVE-2017-7309 was published for mantisbt/mantisbt (Composer) May 17, 2022
MantisBT vulnerable to XSS via unsanitized filter field in manage_user_page.php Moderate
CVE-2017-12062 was published for mantisbt/mantisbt (Composer) May 17, 2022
MantisBT vulnerable to XSS via unescaped output in browser_search_plugin.php Moderate
CVE-2022-28508 was published for mantisbt/mantisbt (Composer) May 5, 2022
MantisBT vulnerable to XSS due to improper escape in manage_plugin_page.php and manage_plugin_uninstall.php Moderate
CVE-2022-26144 was published for mantisbt/mantisbt (Composer) Apr 14, 2022
Hax CMS Stored Cross-Site Scripting vulnerability High
CVE-2025-49137 was published for elmsln/haxcms (Composer) Jun 9, 2025
lfgberg asareynolds
MantisBT Insufficient Session Expiration cookie string not reset after logout High
CVE-2009-20001 was published for mantisbt/mantisbt (Composer) Apr 21, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database