GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
161 advisories
YesWiki has Persistant Blind XSS at "/?BazaR&vue=consulter"
High · CVE-2026-34598 was published for yeswiki/yeswiki (Composer) · Apr 1, 2026
baserCMS is Vulnerable to Cross-site Scripting
High · CVE-2026-32734 was published for baserproject/basercms (Composer) · Mar 31, 2026
AVideo Vulnerable to Reflected XSS via Unsanitized plugin Parameter in YPTWallet Stripe Payment Page
High · CVE-2026-34375 was published for wwbn/avideo (Composer) · Mar 30, 2026
LibreNMS is Vulnerable to Remote Code Execution by Arbitrary File Write
High · GHSA-pr3g-phhr-h8fh was published for librenms/librenms (Composer) · Mar 26, 2026
MantisBT has Stored HTML Injection/XSS when displaying Tags in Timeline
High · CVE-2026-33548 was published for mantisbt/mantisbt (Composer) · Mar 25, 2026
MantisBT Vulnerable to Stored HTML Injection in Tag Delete Confirmation
High · CVE-2026-33517 was published for mantisbt/mantisbt (Composer) · Mar 25, 2026
PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables
High · CVE-2026-33673 was published for prestashop/prestashop (Composer) · Mar 25, 2026
Connect CMS has Stored Cross-site Scripting (XSS) in the File Field of its Form Plugin
High · CVE-2026-32278 was published for opensource-workshop/connect-cms (Composer) · Mar 23, 2026
Connect-CMS has DOM-based Cross-Site Scripting (XSS) in the Cabinet Plugin List View
High · CVE-2026-32277 was published for opensource-workshop/connect-cms (Composer) · Mar 23, 2026
AVideo Affected by Stored XSS via Unescaped Video Title in CDN downloadButtons.php
High · CVE-2026-33295 was published for wwbn/avideo (Composer) · Mar 19, 2026
Filament Unvalidated Range and Values summarizer values can be used for XSS
High · CVE-2026-33080 was published for filament/tables (Composer) · Mar 18, 2026
Statamic has Stored XSS via SVG Sanitization Bypass
High · CVE-2026-33172 was published for statamic/cms (Composer) · Mar 18, 2026
Craft Commerce has multiple Stored XSS in Commerce Inventory Page, Leading to Session Hijacking
High · CVE-2026-29175 was published for craftcms/commerce (Composer) · Mar 10, 2026
Statamic vulnerable to privilege escalation via stored cross-site scripting
High · CVE-2026-28426 was published for statamic/cms (Composer) · Mar 1, 2026
Statamic affected by privilege escalation via stored cross-site scripting
High · CVE-2026-27196 was published for statamic/cms (Composer) · Feb 19, 2026
Statamic CMS vulnerable to privilege escalation via stored cross-site scripting
High · CVE-2026-25759 was published for statamic/cms (Composer) · Feb 11, 2026
Moodle vulnerable to Cross-site Scripting
High · CVE-2025-67850 was published for moodle/moodle (Composer) · Feb 3, 2026
Moodle Cross-site Scripting (XSS) vulnerability
High · CVE-2025-67849 was published for moodle/moodle (Composer) · Feb 3, 2026
FacturaScripts has Stored Cross-Site Scripting (XSS) in "Observations" field via History View
High · CVE-2026-23997 was published for facturascripts/facturascripts (Composer) · Feb 2, 2026
FacturaScripts is Vulnerable to Stored Cross-Site Scripting (XSS) via XML File Upload
High · CVE-2025-69210 was published for facturascripts/facturascripts (Composer) · Dec 30, 2025
YOURLS is vulnerable to XSS through JSONP and Callback request parameters
High · GHSA-6mp4-q625-mxjp was published for yourls/yourls (Composer) · Dec 30, 2025
Shopware Storefront Reflected XSS in Storefront Login Page
High · CVE-2025-67648 was published for shopware/shopware (Composer) · Dec 9, 2025
Aimeos GrapesJS CMS extension has possible stored XSS that's exploitable by authenticated editors
High · CVE-2025-66468 was published for aimeos/ai-cms-grapesjs (Composer) · Dec 3, 2025
Statamic Vulnerable to Superadmin Account Takeover via Stored Cross-Site Scripting and Lack of Proper X-CSRF-TOKEN Server-Side Validation
High · CVE-2025-64112 was published for statamic/cms (Composer) · Oct 30, 2025
Magento vulnerable to stored Cross-Site Scripting (XSS)
High · CVE-2025-54264 was published for magento/community-edition (Composer) · Oct 14, 2025
ProTip! Advisories are also available from the GraphQL API.