GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
31 advisories
Drupal Core has a SQL Injection issue
Critical
CVE-2026-9082
was published
for
drupal/core
(Composer)
May 20, 2026
Orejime has executable code in HTML attributes
Low
CVE-2025-68457
was published
for
orejime
(npm)
Dec 19, 2025
tarteaucitron.js vulnerable to DOM Clobbering via document.currentScript
Moderate
CVE-2025-48939
was published
for
tarteaucitronjs
(npm)
Jul 3, 2025
tarteaucitron-wp WordPress Plugin Vulnerable to Stored Cross-Site Scripting
Moderate
CVE-2024-11718
was published
for
couleurcitron/tarteaucitron-wp
(Composer)
May 15, 2025
tarteaucitron.js allows url scheme injection via unfiltered inputs
Moderate
CVE-2025-31476
was published
for
tarteaucitronjs
(npm)
Apr 7, 2025
tarteaucitron.js allows UI manipulation via unrestricted CSS injection
Moderate
CVE-2025-31138
was published
for
tarteaucitronjs
(npm)
Apr 7, 2025
wp-svg-upload WordPress plugin vulnerable to Stored Cross-site Scripting
Moderate
CVE-2024-11847
was published
for
digimix/wp-svg-upload
(Composer)
Mar 26, 2025
The wp-enable-svg WordPress plugin does not sanitize SVG files when uploaded
Moderate
CVE-2024-11184
was published
for
mwdelaney/wp-enable-svg
(Composer)
Jan 2, 2025
Code Snippet GeSHi plugin in CKEditor 4 has reflected cross-site scripting (XSS) vulnerability
Moderate
CVE-2024-43407
was published
for
ckeditor/ckeditor
(Composer)
Aug 21, 2024
CKEditor4 Cross-site Scripting vulnerability caused by incorrect CDATA detection
Moderate
CVE-2024-24815
was published
for
ckeditor/ckeditor
(Composer)
Feb 7, 2024
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
Moderate
CVE-2023-46734
was published
for
symfony/symfony
(Composer)
Nov 12, 2023
phpBB's Smiley Pack acp_icons.php main pack vulnerable to cross site scripting
Moderate
CVE-2023-5917
was published
for
phpbb/phpbb
(Composer)
Nov 2, 2023
MediaWiki Denial of Service vulnerability
High
CVE-2023-45363
was published
for
mediawiki/core
(Composer)
Oct 9, 2023
X-Forwarded-For header allows brute-forcing autoblocked IP addresses
Critical
CVE-2023-29141
was published
for
mediawiki/core
(Composer)
Mar 31, 2023
Cross site scripting in ameos_tarteaucitron
Moderate
CVE-2022-33155
was published
for
ameos/ameos_tarteaucitron
(Composer)
Jul 13, 2022
phpBB Server-Side Request Forgery Vulnerability
Moderate
CVE-2020-8226
was published
for
phpbb/phpbb
(Composer)
May 24, 2022
img_auth.php may leak private extension images into the public cache
Moderate
CVE-2020-15005
was published
for
mediawiki/core
(Composer)
May 24, 2022
phpBB vulnerable to sensitive information disclosure
High
CVE-2008-6507
was published
for
phpbb/phpbb
(Composer)
May 17, 2022
phpBB 3.0.7 allows remote attackers to bypass intended access restrictions
High
CVE-2010-1627
was published
for
phpbb/phpbb
(Composer)
May 17, 2022
phpBB vulnerability related to use of "forum id" in circumstances related to a "global announcement."
High
CVE-2010-1630
was published
for
phpbb/phpbb
(Composer)
May 17, 2022
HTML Purifier allows remote attackers to obtain sensitive information
Moderate
CVE-2011-3744
was published
for
ezyang/htmlpurifier
(Composer)
May 17, 2022
Drupal has open redirect vulnerability in the Overlay module
High
CVE-2013-6389
was published
for
drupal/drupal
(Composer)
May 17, 2022
Cross-site scripting vulnerability in includes/actions/InfoAction.php
Moderate
CVE-2014-2853
was published
for
mediawiki/core
(Composer)
May 17, 2022
HTML Purifier Cross-site Scripting vulnerability
Moderate
CVE-2007-3498
was published
for
ezyang/htmlpurifier
(Composer)
May 1, 2022
ProTip!
Advisories are also available from the
GraphQL API