Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,690 advisories

Loading
Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-6484 was published for bootstrap (RubyGems) Jul 11, 2024 withdrawn
metametadata
YesWiki Cross Site Scripting vulnerability Moderate
CVE-2025-52277 was published for yeswiki/yeswiki (Composer) Sep 9, 2025
Shopware: Reflective Cross Site-Scripting (XSS) in CMS components High
GHSA-9v82-vcjx-m76j was published for shopware/core (Composer) Sep 10, 2025
Mautic vulnerable to reflected XSS in lead:addLeadTags - Quick Add Moderate
CVE-2025-9823 was published for mautic/core (Composer) Sep 3, 2025
nmmorette kuzmany
patrykgruszka
Symfony UX allows unsanitized HTML attribute injection via ComponentAttributes Moderate
CVE-2025-47946 was published for symfony/ux-live-component (Composer) May 19, 2025
DRaichev mhlozek
smnandre
UnoPim has Stored Cross-site Scripting vulnerability in user creation functionality Moderate
CVE-2025-55742 was published for unopim/unopim (Composer) Aug 21, 2025
sn1p3rt3s7
MoonShine Arbitrary File Upload Vulnerability Moderate
CVE-2025-51489 was published for moonshine/moonshine (Composer) Aug 19, 2025
moonshine Stored Cross-Site Scripting Vulnerability in Create Admin Moderate
CVE-2025-51488 was published for moonshine/moonshine (Composer) Aug 19, 2025
moonshine Stored Cross-Site Scripting Vulnerability in Create Article Moderate
CVE-2025-51487 was published for moonshine/moonshine (Composer) Aug 19, 2025
LibreNMS allows stored XSS in Alert Template name field Moderate
CVE-2025-55296 was published for librenms/librenms (Composer) Aug 18, 2025
at4111
Magento Cross-site Scripting vulnerability High
CVE-2025-49557 was published for magento/community-edition (Composer) Aug 12, 2025
phpMyFAQ Vulnerable to Stored HTML Injection at FAQ Moderate
CVE-2024-56199 was published for phpmyfaq/phpmyfaq (Composer) Jan 2, 2025
geo-chen
svg-sanitizer Bypasses Attribute Sanitization Moderate
CVE-2025-55166 was published for enshrined/svg-sanitize (Composer) Aug 12, 2025
ohader realazizk
Bagist Cross-site Scripting vulnerability Moderate
CVE-2024-27499 was published for bagisto/bagisto (Composer) Mar 1, 2024
Concrete CMS is vulnerable to Stored XSS from Home Folder on Members Dashboard page Low
CVE-2025-8573 was published for concrete5/concrete5 (Composer) Aug 6, 2025
Concrete CMS vulnerable to Reflected Cross-Site Scripting (XSS) in Conversation Messages Dashboard Page Moderate
CVE-2025-8571 was published for concrete5/concrete5 (Composer) Aug 6, 2025
Microweber XSS Vulnerability in the homepage Endpoint Moderate
CVE-2025-51504 was published for microweber/microweber (Composer) Aug 1, 2025
Microweber has Reflected XSS Vulnerability in the layout Parameter Moderate
CVE-2025-51502 was published for microweber/microweber (Composer) Aug 1, 2025
Microweber has Reflected XSS Vulnerability in the id Parameter Moderate
CVE-2025-51501 was published for microweber/microweber (Composer) Aug 1, 2025
Microweber Has Stored XSS Vulnerability in User Profile Fields Low
CVE-2025-51503 was published for microweber/microweber (Composer) Jul 31, 2025
Withdrawn Advisory: CodeIgniter4 Cross-Site Scripting Vulnerability in debugbar_time Parameter Moderate
CVE-2025-45406 was published for codeigniter4/framework (Composer) Jul 25, 2025 withdrawn
michalsn
MODX Revolution vulnerable to XSS attack through its User Photo field Moderate
CVE-2018-20755 was published for modx/revolution (Composer) May 14, 2022
MODX Revolution allows XSS via document resources Moderate
CVE-2018-20756 was published for modx/revolution (Composer) May 14, 2022
MODX Revolution allows XSS through extended user fields Moderate
CVE-2018-20757 was published for modx/revolution (Composer) May 14, 2022
MODX vulnerability allows for XSS via user settings parameters Moderate
CVE-2018-20758 was published for modx/revolution (Composer) May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database