GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,886 advisories

Pimcore Cross-site Scripting (XSS) vulnerability in DataObject datetime fields Moderate
CVE-2023-4453 was published for pimcore/pimcore (Composer) Aug 21, 2023
NodCMS Cross Site Scripting vulnerability Moderate
CVE-2020-20697 was published for khodakhah/nodcms (Composer) Jun 20, 2023
Withdrawn Advisory: October Cross-site Scripting vulnerability Moderate
CVE-2023-43876 was published for october/cms (Composer) Sep 28, 2023 withdrawn
Credited to daftspunk
Badaso vulnerable to cross-site scripting Moderate
CVE-2023-38970 was published for uasoft-indonesia/badaso (Composer) Aug 31, 2023
Duplicate Advisory: Cross-site Scripting (XSS) in name field of Custom Reports Moderate
GHSA-6gp6-xj27-g89q was published for pimcore/pimcore (Composer) May 10, 2023 withdrawn
RosarioSIS improper access control vulnerability Moderate
CVE-2023-2202 was published for francoisjacquet/rosariosis (Composer) Apr 21, 2023
Cross Site Scripting in nilsteampassnet/teampass Moderate
CVE-2023-2516 was published for nilsteampassnet/teampass (Composer) May 5, 2023
Duplicate Advisory: Cross-site Scripting (XSS) in Predefined Properties delete Moderate
GHSA-j93v-cx26-2xc4 was published for pimcore/pimcore (Composer) May 10, 2023 withdrawn
Duplicate Advisory: Pimcore Cross-site Scripting (XSS) in Static Routes name field Moderate
GHSA-g947-422m-hr7p was published for pimcore/pimcore (Composer) May 10, 2023 withdrawn
Sensitive cookie in HTTPS session without 'Secure' attribute in thorsten/phpmyfaq Moderate
CVE-2023-5866 was published for thorsten/phpmyfaq (Composer) Oct 31, 2023
Cross-site Scripting (XSS) in thorsten/phpmyfaq Moderate
CVE-2023-5867 was published for thorsten/phpmyfaq (Composer) Oct 31, 2023
phpMyFAQ Cross-site Scripting vulnerability Moderate
CVE-2023-5863 was published for thorsten/phpmyfaq (Composer) Oct 31, 2023
Cross-site Scripting (XSS) in microweber/microweber Moderate
CVE-2023-5861 was published for microweber/microweber (Composer) Oct 31, 2023
Craft CMS stored XSS in review volume Moderate
CVE-2023-33196 was published for craftcms/cms (Composer) May 26, 2023
Credited to WhiteBearVN
Craft CMS stored XSS in indexedVolumes Moderate
CVE-2023-33197 was published for craftcms/cms (Composer) May 26, 2023
Credited to WhiteBearVN
OroCommerce Cross-site Scripting vulnerability in add note dialog of Shopping List line item Moderate
CVE-2022-35950 was published for oro/commerce (Composer) Oct 10, 2023
pimcore/admin-ui-classic-bundle Cross-site Scripting vulnerability in Translations Moderate
CVE-2023-42817 was published for pimcore/admin-ui-classic-bundle (Composer) Sep 25, 2023
Credited to limenet
ImpressCMS Cross-site Scripting vulnerability Moderate
CVE-2023-37785 was published for impresscms/impresscms (Composer) Jul 13, 2023
baserCMS Code Injection Vulnerability in Mail Form Feature Moderate
CVE-2023-43792 was published for baserproject/basercms (Composer) Oct 26, 2023
Craft CMS vulnerable to HTML injection Moderate
CVE-2023-33495 was published for craftcms/cms (Composer) Jun 20, 2023
ke_search (aka Faceted Search) vulnerable to Cross-Site Scripting Moderate
CVE-2023-35783 was published for tpwd/ke_search (Composer) Jun 16, 2023
hCaptcha for EXT:form Broken Access Control vulnerability Moderate
CVE-2023-41100 was published for waldhacker/hcaptcha (Composer) Aug 23, 2023
Spipu HTML2PDF vulnerable to cross-site scripting Moderate
CVE-2023-39062 was published for spipu/html2pdf (Composer) Aug 28, 2023
Cross-site Scripting (XSS) in dolibarr/dolibarr Moderate
CVE-2023-5842 was published for dolibarr/dolibarr (Composer) Oct 30, 2023
baserCMS Cross-site Scripting Vulnerability in Favorites Feature Moderate
CVE-2023-29009 was published for baserproject/basercms (Composer) Oct 26, 2023