GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 19,726
Composer 4,023
Erlang 29
GitHub Actions 16
Go 1,830
Maven 5,045
npm 3,573
NuGet 632
pip 3,156
Pub 10
RubyGems 847
Rust 796
Swift 34

Unreviewed advisories

All unreviewed 224,712

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

2,318 advisories

Filter by severity

Sort by

Least recently updated

Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs Moderate

CVE-2024-41676 was published for openmage/magento-lts (Composer) Jul 29, 2024

ProcessWire Cross Site Request Forgery vulnerability Moderate

CVE-2024-41597 was published for processwire/processwire (Composer) Jul 19, 2024

Magento Open Source Incorrect Authorization vulnerability Moderate

CVE-2024-34106 was published for magento/community-edition (Composer) Jun 13, 2024

Magento Open Source Cross-Site Scripting (XSS) vulnerability Moderate

CVE-2024-34105 was published for magento/community-edition (Composer) Jun 13, 2024

Magento Open Source Server-Side Request Forgery (SSRF) vulnerability Moderate

CVE-2024-34111 was published for magento/community-edition (Composer) Jun 13, 2024

Magento Open Source Improper Access Control vulnerability Moderate

CVE-2024-34107 was published for magento/community-edition (Composer) Jun 13, 2024

ShopXO Server-Side Request Forgery Vulnerability Moderate

CVE-2024-6524 was published for shopxo/shopxo (Composer) Jul 5, 2024

Sylius potentially vulnerable to Cross Site Scripting via "Name" field (Taxons, Products, Options, Variants) in Admin Panel Moderate

CVE-2024-34349 was published for sylius/sylius (Composer) May 10, 2024

Microweber Reflected Cross-site scripting (XSS) vulnerability Moderate

CVE-2024-40101 was published for microweber/microweber (Composer) Aug 6, 2024

Microweber Cross Site Scripting (XSS) vulnerability Moderate

CVE-2024-41380 was published for microweber/microweber (Composer) Aug 5, 2024

dcat-admin Cross Site Scripting vulnerability Moderate

CVE-2024-29644 was published for dcat/laravel-admin (Composer) Mar 26, 2024

Bootstrap vulnerable to Cross-Site Scripting (XSS) Moderate

CVE-2018-14040 was published for bootstrap (RubyGems) May 13, 2022

Bootstrap Cross-Site Scripting (XSS) vulnerability Moderate

CVE-2024-6531 was published for bootstrap (RubyGems) Jul 11, 2024

Bootstrap Cross-Site Scripting (XSS) vulnerability Moderate

CVE-2024-6484 was published for bootstrap (RubyGems) Jul 11, 2024

bootstrap Cross-site Scripting vulnerability Moderate

CVE-2018-20677 was published for bootstrap (RubyGems) Jan 17, 2019

Bootstrap Cross-site Scripting vulnerability Moderate

CVE-2018-14042 was published for bootstrap (RubyGems) Sep 13, 2018

Bootstrap Cross-site Scripting vulnerability Moderate

CVE-2016-10735 was published for bootstrap (RubyGems) Jan 17, 2019

XSS vulnerability that affects bootstrap Moderate

CVE-2018-20676 was published for bootstrap (RubyGems) Jan 17, 2019

Craft CMS Allows TOTP Token To Stay Valid After Use Moderate

CVE-2024-41800 was published for craftcms/cms (Composer) Jul 25, 2024

Arbitrary File Creation in opencart Moderate

CVE-2024-21519 was published for opencart/opencart (Composer) Jun 22, 2024

Reflected Cross Site-Scripting (XSS) in Oveleon Cookiebar Moderate

GHSA-296q-rj83-g9rq was published for oveleon/contao-cookiebar (Composer) Jul 26, 2024

Backdrop CMS does not sufficiently sanitize field labels before they are displayed in certain places Moderate

CVE-2024-41709 was published for backdrop/backdrop (Composer) Jul 22, 2024

Moodle uses the same key for QR login and auto-login Moderate

CVE-2024-38277 was published for moodle/moodle (Composer) Jun 18, 2024

Moodle stored XSS via calendar's event title when deleting the event Moderate

CVE-2024-38274 was published for moodle/moodle (Composer) Jun 18, 2024

Moodle CSRF risks due to misuse of confirm_sesskey Moderate

CVE-2024-38276 was published for moodle/moodle (Composer) Jun 18, 2024

Previous 1 2 3 4 5 … 92 93 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

2,318 advisories