GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,298
Erlang
31
GitHub Actions
21
Go
2,063
Maven
5,000+
npm
3,744
NuGet
668
pip
3,424
Pub
12
RubyGems
892
Rust
876
Swift
36
Unreviewed advisories
All unreviewed
5,000+
2,689 advisories
Filter by severity
Magento Open Source Cross-Site Scripting (XSS) vulnerability
Moderate
CVE-2024-34105
was published
for
magento/community-edition
(Composer)
Jun 13, 2024
Invenio-Communities has a Cross-Site Scripting (XSS) vulnerability in React components
Moderate
GHSA-hjx6-f647-mvf9
was published
for
invenio-communities
(pip)
Jun 12, 2024
WooCommerce has a Cross-Site Scripting (XSS) Vulnerability in checkout & registration forms
Moderate
CVE-2024-37297
was published
for
woocommerce/woocommerce
(Composer)
Jun 12, 2024
SummerNote Cross Site Scripting Vulnerability
Moderate
CVE-2024-37629
was published
for
summernote
(npm)
Jun 12, 2024
Zend_Filter_StripTags vulnerable to Cross-site Scripting when comments allowed
Moderate
GHSA-4vf6-mq7w-3hp6
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
Zendframework potential Cross-site Scripting vector in `Zend_Service_ReCaptcha_MailHide`
Moderate
GHSA-4v57-pwvf-x35j
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
Zend-Form vulnerable to Cross-site Scripting
Moderate
GHSA-gvpp-6jrj-5pqc
was published
for
zendframework/zend-form
(Composer)
Jun 7, 2024
Zendframework Potential XSS or HTML Injection vector in Zend_Json
Moderate
GHSA-vvm3-rv48-j3g5
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework Cross-site Scripting vector in `Zend_Filter_StripTags`
Moderate
GHSA-gwpm-pm6x-h7rj
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework Potential Cross-site Scripting in Development Environment Error View Script
Moderate
GHSA-g52p-86j5-xr8q
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework potential Cross-site Scripting vectors due to inconsistent encodings
Moderate
GHSA-hg35-vqp3-fv39
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework potential Cross-site Scripting vector in `Zend_Dojo_View_Helper_Editor`
Moderate
GHSA-j543-vg33-g6vj
was published
for
zendframework/zendframework1
(Composer)
Jun 7, 2024
ZendFramework has potential Cross-site Scripting vector in multiple view helpers
Moderate
GHSA-m7hr-j867-3f34
was published
for
zendframework/zend-view
(Composer)
Jun 7, 2024
ZendFramework vulnerable to Cross-site Scripting
Moderate
GHSA-5gmf-3c43-q73v
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
Zendframework has potential Cross-site Scripting vector in multiple view helpers
Moderate
GHSA-8q77-cv62-jj38
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
TYPO3 Cross-Site Scripting in Frontend User Login
Moderate
GHSA-2rcw-9hrm-8q7q
was published
for
typo3/cms
(Composer)
Jun 7, 2024
TYPO3 Cross-Site Scripting in Backend Modal Component
Moderate
GHSA-7q33-hxwj-7p8v
was published
for
typo3/cms
(Composer)
Jun 7, 2024
TYPO3 Cross-Site Scripting in Online Media Asset Rendering
Moderate
GHSA-8m6j-p5jv-v69w
was published
for
typo3/cms
(Composer)
Jun 7, 2024
Cross-site scripting (XSS) vulnerability in Description metadata
Moderate
CVE-2024-37160
was published
for
getformwork/formwork
(Composer)
Jun 7, 2024
TYPO3 Cross-Site Scripting in Form Framework validation handling
Moderate
GHSA-v8m4-3w37-ghxx
was published
for
typo3/cms
(Composer)
Jun 7, 2024
TYPO3 Cross-Site Scripting in Form Framework
Moderate
GHSA-4h5c-5g25-v7fh
was published
for
typo3/cms
(Composer)
Jun 7, 2024
TYPO3 Cross-Site Scripting in Link Handling
Moderate
GHSA-xgmx-j3hv-jh9x
was published
for
typo3/cms
(Composer)
Jun 7, 2024
TYPO3 Cross-Site Scripting in Filelist Module
Moderate
GHSA-g7hw-jh4p-75wr
was published
for
typo3/cms
(Composer)
Jun 7, 2024
TYPO3 Cross-Site Scripting in Fluid ViewHelpers
Moderate
GHSA-85ch-44w7-rf32
was published
for
typo3/cms
(Composer)
Jun 7, 2024
TokenController formName not sanitized in hidden input
Moderate
CVE-2024-37156
was published
for
sulu/form-bundle
(Composer)
Jun 6, 2024
ProTip!
Advisories are also available from the
GraphQL API