GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 46
GitHub Actions: 47
Go: 3,340
Maven: 5,000+
npm: 5,000+
NuGet: 881
pip: 4,549
Pub: 12
RubyGems: 1,012
Rust: 1,202
Swift: 51
Unreviewed advisories
All unreviewed: 5,000+
158 advisories
PrestaShop has multiple stored XSS vulnerabilities via unprotected Template variables
High
CVE-2026-33673 was published for prestashop/prestashop (Composer) on Mar 25, 2026
LibreNMS is Vulnerable to Remote Code Execution by Arbitrary File Write
High
GHSA-pr3g-phhr-h8fh was published for librenms/librenms (Composer) on Mar 26, 2026
Connect CMS has Stored Cross-site Scripting (XSS) in the File Field of its Form Plugin
High
CVE-2026-32278 was published for opensource-workshop/connect-cms (Composer) on Mar 23, 2026
Connect-CMS has DOM-based Cross-Site Scripting (XSS) in the Cabinet Plugin List View
High
CVE-2026-32277 was published for opensource-workshop/connect-cms (Composer) on Mar 23, 2026
MantisBT has Stored HTML Injection/XSS when displaying Tags in Timeline
High
CVE-2026-33548 was published for mantisbt/mantisbt (Composer) on Mar 25, 2026
MantisBT Vulnerable to Stored HTML Injection in Tag Delete Confirmation
High
CVE-2026-33517 was published for mantisbt/mantisbt (Composer) on Mar 25, 2026
AVideo Affected by Stored XSS via Unescaped Video Title in CDN downloadButtons.php
High
CVE-2026-33295 was published for wwbn/avideo (Composer) on Mar 19, 2026
Statamic has Stored XSS via SVG Sanitization Bypass
High
CVE-2026-33172 was published for statamic/cms (Composer) on Mar 18, 2026
Magento Open Source allows Cross-Site Scripting (XSS)
High
CVE-2024-20719 was published for magento/community-edition (Composer) on Feb 15, 2024
Filament Unvalidated Range and Values summarizer values can be used for XSS
High
CVE-2026-33080 was published for filament/tables (Composer) on Mar 18, 2026
October CMS Cross-site Scripting vulnerability
High
CVE-2023-25365 was published for october/october (Composer) on Feb 9, 2024
Craft Commerce has multiple Stored XSS in Commerce Inventory Page, Leading to Session Hijacking
High
CVE-2026-29175 was published for craftcms/commerce (Composer) on Mar 10, 2026
Statamic vulnerable to privilege escalation via stored cross-site scripting
High
CVE-2026-28426 was published for statamic/cms (Composer) on Mar 1, 2026
Code Injection in microweber
High
CVE-2022-0282 was published for microweber/microweber (Composer) on Jan 21, 2022
Statamic affected by privilege escalation via stored cross-site scripting
High
CVE-2026-27196 was published for statamic/cms (Composer) on Feb 19, 2026
Statamic CMS vulnerable to privilege escalation via stored cross-site scripting
High
CVE-2026-25759 was published for statamic/cms (Composer) on Feb 11, 2026
Moodle vulnerable to Cross-site Scripting
High
CVE-2025-67850 was published for moodle/moodle (Composer) on Feb 3, 2026
Moodle Cross-site Scripting (XSS) vulnerability
High
CVE-2025-67849 was published for moodle/moodle (Composer) on Feb 3, 2026
FacturaScripts has Stored Cross-Site Scripting (XSS) in "Observations" field via History View
High
CVE-2026-23997 was published for facturascripts/facturascripts (Composer) on Feb 2, 2026
Cross-site scripting in eZ Platform Kernel
High
CVE-2021-46875 was published for ezsystems/ezplatform-kernel (Composer) on Mar 19, 2021
FacturaScripts is Vulnerable to Stored Cross-Site Scripting (XSS) via XML File Upload
High
CVE-2025-69210 was published for facturascripts/facturascripts (Composer) on Dec 30, 2025
YOURLS is vulnerable to XSS through JSONP and Callback request parameters
High
GHSA-6mp4-q625-mxjp was published for yourls/yourls (Composer) on Dec 30, 2025
Dolibarr Application Home Page has HTML injection vulnerability
High
CVE-2024-23817 was published for dolibarr/dolibarr (Composer) on Apr 18, 2024
Shopware Storefront Reflected XSS in Storefront Login Page
High
CVE-2025-67648 was published for shopware/shopware (Composer) on Dec 9, 2025
Aimeos GrapesJS CMS extension has possible stored XSS that's exploitable by authenticated editors
High
CVE-2025-66468 was published for aimeos/ai-cms-grapesjs (Composer) on Dec 3, 2025
ProTip! Advisories are also available from the GraphQL API.