GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,781 advisories
Bolt Cross-site Scripting (XSS) via text input click preview button
Moderate: CVE-2018-19933 was published for bolt/bolt (Composer) on May 14, 2022

Dolibarr stored cross-site scripting (XSS) vulnerability
Moderate: CVE-2018-19995 was published for dolibarr/dolibarr (Composer) on May 14, 2022

Dolibarr reflected cross-site scripting (XSS) vulnerability
Moderate: CVE-2018-19993 was published for dolibarr/dolibarr (Composer) on May 14, 2022

Dolibarr stored cross-site scripting (XSS) vulnerability
Moderate: CVE-2018-19992 was published for dolibarr/dolibarr (Composer) on May 14, 2022

CSRF in PHP Server Monitor before 3.3.2
Moderate: CVE-2018-18921 was published for phpservermon/phpservermon (Composer) on May 14, 2022

Dolibarr ERP and CRM contain XSS Vulnerability
Moderate: CVE-2018-19799 was published for dolibarr/dolibarr (Composer) on May 14, 2022

Microweber XSS Vulnerability
Moderate: CVE-2018-1000826 was published for microweber/microweber (Composer) on May 14, 2022

PHP League CommonMark vulnerable to Cross-Site Scripting (XSS)
Moderate: CVE-2018-20583 was published for league/commonmark (Composer) on May 14, 2022

Fork CMS XSS Vulnerability
Moderate: CVE-2018-20682 was published for forkcms/forkcms (Composer) on May 14, 2022

Croogo vulnerable to Cross-site Scripting in title field
Moderate: CVE-2019-7173 was published for croogo/croogo (Composer) on May 14, 2022

Croogo vulnerable to XSS in title field
Moderate: CVE-2019-7169 was published for croogo/croogo (Composer) on May 14, 2022

Croogo vulnerable to XSS in title field
Moderate: CVE-2019-7171 was published for croogo/croogo (Composer) on May 14, 2022

Croogo vulnerable to XSS in title field
Moderate: CVE-2019-7170 was published for croogo/croogo (Composer) on May 14, 2022

Croogo vulnerable to XSS in Blog field
Moderate: CVE-2019-7168 was published for croogo/croogo (Composer) on May 14, 2022

EC-CUBE Open redirect vulnerability
Moderate: CVE-2018-16191 was published for ec-cube/ec-cube (Composer) on May 14, 2022

MODX Revolution vulnerable to XSS attack through its User Photo field
Moderate: CVE-2018-20755 was published for modx/revolution (Composer) on May 14, 2022

MODX Revolution allows XSS through extended user fields
Moderate: CVE-2018-20757 was published for modx/revolution (Composer) on May 14, 2022

MODX Revolution allows XSS via document resources
Moderate: CVE-2018-20756 was published for modx/revolution (Composer) on May 14, 2022

Yii Incorrectly Implements CORS
Moderate: CVE-2018-20745 was published for yiisoft/yii2 (Composer) on May 14, 2022

Kirby XSS Vulnerability
Moderate: CVE-2018-16630 was published for getkirby/kirby (Composer) on May 14, 2022

Subrion CMS XSS
Moderate: CVE-2018-16629 was published for intelliants/subrion (Composer) on May 14, 2022

Evolution CMS Stored Cross-site Scripting (XSS)
Moderate: CVE-2018-16637 was published for evolutioncms/evolution (Composer) on May 14, 2022

Evolution CMS Cross-site Scripting (XSS)
Moderate: CVE-2018-16638 was published for evolutioncms/evolution (Composer) on May 14, 2022

Dolibarr Stored Cross-site Scripting in expensereport/card.php
Moderate: CVE-2018-16808 was published for dolibarr/dolibarr (Composer) on May 14, 2022

Symfony Open Redirect
Moderate: CVE-2017-16652 was published for symfony/security (Composer) on May 14, 2022
ProTip! Advisories are also available from the GraphQL API.