GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
2,785 advisories
MediaWiki Cargo Extension Cross-site Scripting vulnerability
Moderate
CVE-2024-23173
was published
for
mediawiki/cargo
(Composer)
Jan 12, 2024
Withdrawn Advisory: Bootstrap Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-6484
was published
for
bootstrap
(RubyGems)
Jul 11, 2024
•
withdrawn
Shopware 6 allows attackers to check for registered accounts through the store-api
Moderate
CVE-2025-30150
was published
for
shopware/core
(Composer)
Apr 8, 2025
Mautic Vulnerable to User Enumeration via Response Timing
Moderate
CVE-2025-9824
was published
for
mautic/core
(Composer)
Sep 3, 2025
Mautic vulnerable to reflected XSS in lead:addLeadTags - Quick Add
Moderate
CVE-2025-9823
was published
for
mautic/core
(Composer)
Sep 3, 2025
Mautic vulnerable to secret data extraction via elfinder
Moderate
CVE-2025-9822
was published
for
mautic/core
(Composer)
Sep 3, 2025
Symfony UX allows unsanitized HTML attribute injection via ComponentAttributes
Moderate
CVE-2025-47946
was published
for
symfony/ux-live-component
(Composer)
May 19, 2025
Contao does not properly manage privileges for page and article fields
Moderate
CVE-2025-57759
was published
for
contao/contao
(Composer)
Aug 28, 2025
Contao can disclose sensitive information in the news module
Moderate
CVE-2025-57757
was published
for
contao/contao
(Composer)
Aug 28, 2025
Contao discloses sensitive information in the front end search index
Moderate
CVE-2025-57756
was published
for
contao/contao
(Composer)
Aug 28, 2025
ProTip!
Advisories are also available from the
GraphQL API