GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,024
Maven
5,000+
npm
3,731
NuGet
662
pip
3,407
Pub
12
RubyGems
891
Rust
864
Swift
36
Unreviewed advisories
All unreviewed
5,000+
98 advisories
Filter by severity
XSS in enshrined/svg-sanitize due to mishandled script and data values in attributes
High
CVE-2019-18857
was published
for
enshrined/svg-sanitize
(Composer)
Jan 8, 2020
Cross-site scripting in eZ Platform Kernel
High
GHSA-mrvj-7q4f-5p42
was published
for
ezsystems/ezplatform-kernel
(Composer)
Mar 19, 2021
Inline attribute values were not processed.
High
CVE-2020-15263
was published
for
orchid/platform
(Composer)
Oct 19, 2020
Potential XSS injection In PrestaShop contactform
High
CVE-2020-15178
was published
for
prestashop/contactform
(Composer)
Sep 15, 2020
Cross-site scripting from content entered in the tags and multiselect fields
High
GHSA-rv3r-vqjj-8c76
was published
for
getkirby/cms
(Composer)
Aug 30, 2022
Cross-site Scripting in microweber
High
CVE-2022-0930
was published
for
microweber/microweber
(Composer)
Mar 13, 2022
Stored Cross-site Scripting in grav
High
CVE-2022-0970
was published
for
getgrav/grav
(Composer)
Mar 16, 2022
Cross-site Scripting in TastyIgniter
High
CVE-2022-0602
was published
for
tastyigniter/tastyigniter
(Composer)
Apr 6, 2022
Persistent Cross-site Scripting vulnerability in PrivateBin
High
CVE-2022-24833
was published
for
privatebin/privatebin
(Composer)
Apr 12, 2022
Possible cross-site scripting attack via unsanitized SVG files in FoF Upload
High
CVE-2022-30999
was published
for
fof/upload
(Composer)
May 25, 2022
The filename of uploaded files vulnerable to stored XSS
High
CVE-2020-4041
was published
for
bolt/bolt
(Composer)
Jun 9, 2020
Cross-site scripting (XSS) from unsanitized uploaded SVG files in Kirby
High
CVE-2021-29460
was published
for
getkirby/cms
(Composer)
Apr 30, 2021
Improper Neutralization of Text-Values in Object Version Preview
High
CVE-2021-39166
was published
for
pimcore/pimcore
(Composer)
Sep 1, 2021
Improper Encoding or Escaping of Output in Asset Metadata Component
High
CVE-2021-39170
was published
for
pimcore/pimcore
(Composer)
Sep 1, 2021
Cross-Site Scripting via SVG media files
High
CVE-2021-37710
was published
for
shopware/core
(Composer)
Aug 23, 2021
Cross-site Scripting in snipe/snipe-it
High
CVE-2021-3961
was published
for
snipe/snipe-it
(Composer)
Nov 23, 2021
Cross-site scripting vulnerability in file upload
High
CVE-2021-39136
was published
for
baserproject/basercms
(Composer)
Aug 30, 2021
kimai2 is vulnerable to Cross-site Scripting
High
CVE-2021-3985
was published
for
kevinpapst/kimai2
(Composer)
Dec 3, 2021
Cross-site Scripting in librenms/librenms
High
CVE-2022-4068
was published
for
librenms/librenms
(Composer)
Nov 20, 2022
phpMyFAQ vulnerable to Cross-site Scripting
High
CVE-2022-3608
was published
for
phpmyfaq/phpmyfaq
(Composer)
Oct 19, 2022
Sandbox bypass in Latte templates
High
CVE-2022-21648
was published
for
latte/latte
(Composer)
Jan 6, 2022
Cross-site Scripting in HTML2PDF
High
CVE-2021-45394
was published
for
spipu/html2pdf
(Composer)
Jan 21, 2022
Cross-site Scripting in Microweber
High
CVE-2022-0719
was published
for
microweber/microweber
(Composer)
Feb 24, 2022
Cross-site Scripting in microweber
High
CVE-2022-0690
was published
for
microweber/microweber
(Composer)
Feb 20, 2022
ProTip!
Advisories are also available from the
GraphQL API