GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
2,357 advisories
Filter by severity
Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS
Moderate
CVE-2024-47765
was published
for
dev-lancer/minecraft-motd-parser
(Composer)
Oct 4, 2024
Injection of arbitrary HTML/JavaScript code through the media download URL
Moderate
CVE-2024-47617
was published
for
sulu/sulu
(Composer)
Oct 3, 2024
Cross-site Scripting via uploaded SVG
Moderate
CVE-2024-47618
was published
for
sulu/sulu
(Composer)
Oct 3, 2024
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Transports" feature
Moderate
CVE-2024-47523
was published
for
librenms/librenms
(Composer)
Oct 1, 2024
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Rules" feature
Moderate
CVE-2024-47525
was published
for
librenms/librenms
(Composer)
Oct 1, 2024
LibreNMS has Stored Cross-site Scripting vulnerability in "Device Dependencies" feature
Moderate
CVE-2024-47527
was published
for
librenms/librenms
(Composer)
Oct 1, 2024
Pagekit Cross-site Scripting vulnerability
Moderate
CVE-2024-45967
was published
for
pagekit/pagekit
(Composer)
Oct 1, 2024
starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field
Moderate
CVE-2024-47536
was published
for
starcitizentools/citizen-skin
(Composer)
Sep 30, 2024
MantisBT vulnerable to information disclosure with user profiles
Moderate
CVE-2024-45792
was published
for
mantisbt/mantisbt
(Composer)
Sep 30, 2024
IDOR vulnerability in account profile page
Moderate
CVE-2024-39319
was published
for
aimeos/ai-controller-frontend
(Composer)
Sep 26, 2024
Mautic allows users enumeration due to weak password login
Moderate
CVE-2024-47059
was published
for
mautic/core
(Composer)
Sep 18, 2024
Mautic has an XSS in contact tracking and page hits report
Moderate
CVE-2021-27917
was published
for
mautic/core
(Composer)
Sep 18, 2024
Mautic vulnerable to XSS in contact/company tracking (no authentication)
Moderate
CVE-2024-47050
was published
for
mautic/core
(Composer)
Sep 18, 2024
Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field)
Moderate
CVE-2024-47058
was published
for
mautic/core
(Composer)
Sep 18, 2024
Concrete CMS stored XSS vulnerability in the "Top Navigator Bar" block
Moderate
CVE-2024-8660
was published
for
concrete5/concrete5
(Composer)
Sep 17, 2024
Kimai has an XXE Leading to Local File Read
Moderate
GHSA-534c-hcr7-67jg
was published
for
kimai/kimai
(Composer)
Sep 17, 2024
Wire UI has a JS XSS Vulnerability on route /wireui/button?label=Content
Moderate
CVE-2024-45803
was published
for
wireui/wireui
(Composer)
Sep 17, 2024
czim/file-handling vulnerable to SSRF and directory traversal
Moderate
CVE-2024-47049
was published
for
czim/file-handling
(Composer)
Sep 17, 2024
powermail TYPO3 extension has Insecure Direct Object Reference
Moderate
CVE-2024-47047
was published
for
in2code/powermail
(Composer)
Sep 17, 2024
Contao affected by insert tag injection via canonical URL
Moderate
CVE-2024-45612
was published
for
contao/core-bundle
(Composer)
Sep 17, 2024
Contao affected by directory traversal in the file selector widget
Moderate
CVE-2024-45604
was published
for
contao/core-bundle
(Composer)
Sep 17, 2024
Concrete CMS Stored XSS in the "Next&Previous Nav" block
Moderate
CVE-2024-8661
was published
for
concrete5/concrete5
(Composer)
Sep 16, 2024
Craft CMS vulnerable to stored XSS in breadcrumb list and title fields
Moderate
CVE-2024-45406
was published
for
craftcms/cms
(Composer)
Sep 9, 2024
Httpful is Missing Certificate Validation
Moderate
GHSA-gcfg-hmwx-wq5h
was published
for
nategood/httpful
(Composer)
Sep 9, 2024
"powermail" (powermail) Insecure Direct Object Reference (IDOR)
Moderate
CVE-2024-45232
was published
for
in2code/powermail
(Composer)
Aug 29, 2024
ProTip!
Advisories are also available from the
GraphQL API