Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,343 advisories

Loading
October System module has a Reflected XSS via X-October-Request-Handler Header Low
CVE-2024-25637 was published for october/system (Composer) Jun 26, 2024
Cross site scripting in opencart Moderate
CVE-2024-21516 was published for opencart/opencart (Composer) Jun 22, 2024
Cross site scripting in opencart Moderate
CVE-2024-21515 was published for opencart/opencart (Composer) Jun 22, 2024
Cross site scripting in opencart Moderate
CVE-2024-21517 was published for opencart/opencart (Composer) Jun 22, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option Moderate
CVE-2024-38356 was published for TinyMCE (Composer) Jun 19, 2024
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements Moderate
CVE-2024-38357 was published for TinyMCE (Composer) Jun 19, 2024
Malav-MK
Moodle stored XSS via calendar's event title when deleting the event Moderate
CVE-2024-38274 was published for moodle/moodle (Composer) Jun 18, 2024
WooCommerce has a Cross-Site Scripting Vulnerability in checkout & registration forms Moderate
CVE-2024-37297 was published for woocommerce/woocommerce (Composer) Jun 12, 2024
Zend_Filter_StripTags vulnerable to Cross-site Scripting when comments allowed Moderate
GHSA-4vf6-mq7w-3hp6 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
Zendframework potential Cross-site Scripting vector in `Zend_Service_ReCaptcha_MailHide` Moderate
GHSA-4v57-pwvf-x35j was published for zendframework/zendframework1 (Composer) Jun 7, 2024
Zend-Form vulnerable to Cross-site Scripting Moderate
GHSA-gvpp-6jrj-5pqc was published for zendframework/zend-form (Composer) Jun 7, 2024
Zendframework Potential XSS or HTML Injection vector in Zend_Json Moderate
GHSA-vvm3-rv48-j3g5 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework Cross-site Scripting vector in `Zend_Filter_StripTags` Moderate
GHSA-gwpm-pm6x-h7rj was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework Potential Cross-site Scripting in Development Environment Error View Script Moderate
GHSA-g52p-86j5-xr8q was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework potential Cross-site Scripting vectors due to inconsistent encodings Moderate
GHSA-hg35-vqp3-fv39 was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework potential Cross-site Scripting vector in `Zend_Dojo_View_Helper_Editor` Moderate
GHSA-j543-vg33-g6vj was published for zendframework/zendframework1 (Composer) Jun 7, 2024
ZendFramework has potential Cross-site Scripting vector in multiple view helpers Moderate
GHSA-m7hr-j867-3f34 was published for zendframework/zend-view (Composer) Jun 7, 2024
ZendFramework vulnerable to Cross-site Scripting Moderate
GHSA-5gmf-3c43-q73v was published for zendframework/zendframework (Composer) Jun 7, 2024
Zendframework has potential Cross-site Scripting vector in multiple view helpers Moderate
GHSA-8q77-cv62-jj38 was published for zendframework/zendframework (Composer) Jun 7, 2024
TYPO3 Cross-Site Scripting in Frontend User Login Moderate
GHSA-2rcw-9hrm-8q7q was published for typo3/cms (Composer) Jun 7, 2024
TYPO3 Cross-Site Scripting in Backend Modal Component Moderate
GHSA-7q33-hxwj-7p8v was published for typo3/cms (Composer) Jun 7, 2024
TYPO3 Cross-Site Scripting in Online Media Asset Rendering Moderate
GHSA-8m6j-p5jv-v69w was published for typo3/cms (Composer) Jun 7, 2024
Cross-site scripting (XSS) vulnerability in Description metadata Moderate
CVE-2024-37160 was published for getformwork/formwork (Composer) Jun 7, 2024
Kyokito1412
TYPO3 Cross-Site Scripting in Form Framework validation handling Moderate
GHSA-v8m4-3w37-ghxx was published for typo3/cms (Composer) Jun 7, 2024
TYPO3 Cross-Site Scripting in Form Framework Moderate
GHSA-4h5c-5g25-v7fh was published for typo3/cms (Composer) Jun 7, 2024
ProTip! Advisories are also available from the GraphQL API