Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,891
Erlang
37
GitHub Actions
38
Go
2,550
Maven
5,000+
npm
4,221
NuGet
745
pip
3,998
Pub
12
RubyGems
953
Rust
1,039
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,699 advisories

Loading
tarteaucitron-wp WordPress Plugin Vulnerable to Stored Cross-Site Scripting Moderate
CVE-2024-11718 was published for couleurcitron/tarteaucitron-wp (Composer) May 15, 2025
Rudloff
Credited to Rudloff
Koillection Cross Site Scripting vulnerability Moderate
CVE-2025-29746 was published for koillection/koillection (Composer) May 7, 2025
league/commonmark contains a XSS vulnerability in Attributes extension Moderate
CVE-2025-46734 was published for league/commonmark (Composer) May 5, 2025
TRIKKSS
Credited to TRIKKSS
YesWiki Stored XSS Vulnerability in Comments Low
CVE-2025-46346 was published for yeswiki/yeswiki (Composer) Apr 29, 2025
pizza-power
Credited to pizza-power
YesWiki Vulnerable to Unauthenticated Reflected Cross-site Scripting High
CVE-2025-46349 was published for yeswiki/yeswiki (Composer) Apr 29, 2025
Yeswiki Vulnerable to Authenticated Reflected Cross-site Scripting Low
CVE-2025-46350 was published for yeswiki/yeswiki (Composer) Apr 29, 2025
masquerad3r
Credited to masquerad3r
Yeswiki Vulnerable to Unauthenticated Reflected Cross-site Scripting Moderate
CVE-2025-46550 was published for yeswiki/yeswiki (Composer) Apr 29, 2025
masquerad3r
Credited to masquerad3r
Yeswiki Vulnerable to Unauthenticated Reflected Cross-site Scripting Moderate
CVE-2025-46549 was published for yeswiki/yeswiki (Composer) Apr 29, 2025
masquerad3r
Credited to masquerad3r
Moodle has reflected Cross-site Scripting risk in policy tool Moderate
CVE-2025-3643 was published for moodle/moodle (Composer) Apr 25, 2025
AnonySE26
Credited to AnonySE26
Laravel Starter Cross Site Scripting (XSS) Moderate
CVE-2025-26159 was published for nasirkhan/laravel-starter (Composer) Apr 22, 2025
PEAR HTTP_Request2 vulnerable to Cross-site Scripting Moderate
CVE-2025-43717 was published for pear/http_request2 (Composer) Apr 17, 2025
Formie has XSS vulnerability for email notification content for preview Moderate
CVE-2025-32426 was published for verbb/formie (Composer) Apr 11, 2025
Formie has XSS vulnerability for importing forms Moderate
CVE-2025-32427 was published for verbb/formie (Composer) Apr 11, 2025
Yii does not prevent XSS in scenarios where fallback error renderer is used Moderate
CVE-2025-32027 was published for yiisoft/yii (Composer) Apr 11, 2025
lgrewe
Credited to lgrewe
Silverstripe Framework has a XSS vulnerability in HTML editor Moderate
CVE-2025-30148 was published for silverstripe/framework (Composer) Apr 10, 2025
Silverstripe cross-site scripting (XSS) attack in elemental "Content blocks in use" report Moderate
CVE-2025-25197 was published for dnadesign/silverstripe-elemental (Composer) Apr 10, 2025
Pimcore's Admin Classic Bundle allows HTML Injection Low
CVE-2025-30166 was published for pimcore/admin-ui-classic-bundle (Composer) Apr 8, 2025
Concrete CMS Vulnerable to Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) Moderate
CVE-2025-3153 was published for concrete5/concrete5 (Composer) Apr 3, 2025
Drupal Obfuscate Vulnerable to Stored Cross-Site Scripting (XSS) Moderate
CVE-2025-3130 was published for drupal/obfuscate (Composer) Apr 3, 2025
Drupal Formatter Suite Vulnerable to Cross-Site Scripting (XSS) via Link Element Attributes Low
CVE-2025-31697 was published for drupal/formatter_suite (Composer) Apr 1, 2025
Drupal RapiDoc OAS Field Formatter Cross-Site Scripting (XSS) vulnerability Low
CVE-2025-31696 was published for drupal/rapidoc_elements_field_formatter (Composer) Apr 1, 2025
Drupal Link field display mode formatter Cross-Site Scripting (XSS) vulnerability Low
CVE-2025-31695 was published for drupal/link_field_display_mode_formatter (Composer) Apr 1, 2025
Drupal Core Potential Cross-Site Scripting (XSS) via Error Messages Moderate
CVE-2025-3057 was published for drupal/core (Composer) Apr 1, 2025
Drupal SpamSpan Cross-Site Scripting (XSS) vulnerability Low
CVE-2025-31687 was published for drupal/spamspan (Composer) Apr 1, 2025
Drupal Google Tag Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2025-31682 was published for drupal/google_tag (Composer) Apr 1, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database