Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

4,097 advisories

Loading
Injection of arbitrary HTML/JavaScript code through the media download URL Moderate
CVE-2024-47617 was published for sulu/sulu (Composer) Oct 3, 2024
Cross-site Scripting via uploaded SVG Moderate
CVE-2024-47618 was published for sulu/sulu (Composer) Oct 3, 2024
Drupal Full Path Disclosure Moderate
CVE-2024-45440 was published for drupal/core (Composer) Aug 29, 2024
cmlara longwave
Contao allows admin an account to upload SVG file containing malicious JavaScript Low
CVE-2024-45965 was published for contao/contao (Composer) Oct 2, 2024
Zenario Cross Site Scripting in the Image library Low
CVE-2024-45964 was published for tribalsystems/zenario (Composer) Oct 2, 2024
October allows an admin account to upload PDF containing malicious JavaScript Low
CVE-2024-45962 was published for october/october (Composer) Oct 2, 2024
Zenario allows authenticated admin users to upload PDF files containing malicious code Low
CVE-2024-45960 was published for tribalsystems/zenario (Composer) Oct 2, 2024
Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder High
CVE-2021-27916 was published for mautic/core (Composer) Apr 12, 2024
adiux mollux
LibreNMS vulnerable to Stored Cross-site Scripting via File Upload Low
CVE-2024-47528 was published for librenms/librenms (Composer) Oct 1, 2024
minhnq1618
LibreNMS has Stored Cross-site Scripting vulnerability in "Device Dependencies" feature Moderate
CVE-2024-47527 was published for librenms/librenms (Composer) Oct 1, 2024
RaphaelCSS RaphaelCSSilva
LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name High
CVE-2024-47524 was published for librenms/librenms (Composer) Oct 1, 2024
minhnq1618
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Transports" feature Moderate
CVE-2024-47523 was published for librenms/librenms (Composer) Oct 1, 2024
RaphaelCSS RaphaelCSSilva
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Templates" feature Low
CVE-2024-47526 was published for librenms/librenms (Composer) Oct 1, 2024
RaphaelCSS RaphaelCSSilva
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Rules" feature Moderate
CVE-2024-47525 was published for librenms/librenms (Composer) Oct 1, 2024
RaphaelCSS RaphaelCSSilva
Pagekit Cross-site Scripting vulnerability Moderate
CVE-2024-45967 was published for pagekit/pagekit (Composer) Oct 1, 2024
starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field Moderate
CVE-2024-47536 was published for starcitizentools/citizen-skin (Composer) Sep 30, 2024
BlankEclair
Cross site scripting in Concrete CMS Low
CVE-2024-8291 was published for concrete5/concrete5 (Composer) Sep 25, 2024
Cross site scripting in Concrete CMS Low
CVE-2024-7398 was published for concrete5/concrete5 (Composer) Sep 25, 2024
MantisBT vulnerable to information disclosure with user profiles Moderate
CVE-2024-45792 was published for mantisbt/mantisbt (Composer) Sep 30, 2024
c-schmitz dregad
Mautic vulnerable to stored cross-site scripting in description field High
CVE-2021-27915 was published for mautic/core (Composer) Apr 11, 2024
Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting Critical
CVE-2024-47186 was published for filament/infolists (Composer) Sep 27, 2024
sv-LayZ danharrin
Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field) Moderate
CVE-2024-47058 was published for mautic/core (Composer) Sep 18, 2024
lenonleite escopecz
powermail TYPO3 extension has Insecure Direct Object Reference Moderate
CVE-2024-47047 was published for in2code/powermail (Composer) Sep 17, 2024
czim/file-handling vulnerable to SSRF and directory traversal Moderate
CVE-2024-47049 was published for czim/file-handling (Composer) Sep 17, 2024
Mautic vulnerable to XSS in contact/company tracking (no authentication) Moderate
CVE-2024-47050 was published for mautic/core (Composer) Sep 18, 2024
mqrtin patrykgruszka
lenonleite escopecz
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database