Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,232 advisories

Loading
UnoPim Cross-site Scripting vulnerability Moderate
CVE-2024-50637 was published for unopim/unopim (Composer) Nov 6, 2024
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Edit Email Form Settings Feature Moderate
CVE-2024-46998 was published for baserproject/basercms (Composer) Oct 24, 2024
ayato-shitomi
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature Moderate
CVE-2024-46996 was published for baserproject/basercms (Composer) Oct 24, 2024
ayato-shitomi
baserCMS has a Cross-site Scripting (XSS) Vulnerability in HTTP 400 Bad Request Moderate
CVE-2024-46995 was published for baserproject/basercms (Composer) Oct 24, 2024
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts and Contents list Feature Moderate
CVE-2024-46994 was published for baserproject/basercms (Composer) Oct 24, 2024
Magento Open Source reflected Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-45123 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-45116 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source stored Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-45127 was published for magento/community-edition (Composer) Oct 10, 2024
LimeSurvey Cross Site Scripting vulnerability Moderate
CVE-2024-28710 was published for limesurvey/limesurvey (Composer) Oct 7, 2024
Krayin CRM vulnerable to Cross Site Scripting (XSS) via the organization name Moderate
CVE-2024-45932 was published for krayin/laravel-crm (Composer) Oct 7, 2024
LimeSurvey Cross Site Scripting vulnerability Moderate
CVE-2024-28709 was published for limesurvey/limesurvey (Composer) Oct 7, 2024
PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via JavaScript hyperlinks Moderate
CVE-2024-45292 was published for phpoffice/phpspreadsheet (Composer) Oct 7, 2024
emilvirkki
Lara-zeus Dynamic Dashboard and Artemis do not validate paragraph widget values which can be used for XSS Moderate
CVE-2024-47817 was published for lara-zeus/artemis (Composer) Oct 7, 2024
sharmaraghs
PhpSpreadsheet has an Unauthenticated Cross-Site-Scripting (XSS) in sample file Moderate
CVE-2024-45060 was published for phpoffice/phpspreadsheet (Composer) Oct 7, 2024
stealthcopter
Mediawiki Cargo extension vulnerable to Cross-site Scripting Moderate
CVE-2024-47847 was published for mediawiki/cargo (Composer) Oct 5, 2024
Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS Moderate
CVE-2024-47765 was published for dev-lancer/minecraft-motd-parser (Composer) Oct 4, 2024
Krymonota jgniecki
Injection of arbitrary HTML/JavaScript code through the media download URL Moderate
CVE-2024-47617 was published for sulu/sulu (Composer) Oct 3, 2024
Cross-site Scripting via uploaded SVG Moderate
CVE-2024-47618 was published for sulu/sulu (Composer) Oct 3, 2024
alexander-schranz
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Transports" feature Moderate
CVE-2024-47523 was published for librenms/librenms (Composer) Oct 1, 2024
RaphaelCSS RaphaelCSSilva
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Rules" feature Moderate
CVE-2024-47525 was published for librenms/librenms (Composer) Oct 1, 2024
RaphaelCSS RaphaelCSSilva
LibreNMS has Stored Cross-site Scripting vulnerability in "Device Dependencies" feature Moderate
CVE-2024-47527 was published for librenms/librenms (Composer) Oct 1, 2024
RaphaelCSS RaphaelCSSilva
Pagekit Cross-site Scripting vulnerability Moderate
CVE-2024-45967 was published for pagekit/pagekit (Composer) Oct 1, 2024
starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field Moderate
CVE-2024-47536 was published for starcitizentools/citizen-skin (Composer) Sep 30, 2024
BlankEclair
Mautic has an XSS in contact tracking and page hits report Moderate
CVE-2021-27917 was published for mautic/core (Composer) Sep 18, 2024
patrykgruszka lenonleite
escopecz
Mautic vulnerable to XSS in contact/company tracking (no authentication) Moderate
CVE-2024-47050 was published for mautic/core (Composer) Sep 18, 2024
mqrtin patrykgruszka
lenonleite escopecz
ProTip! Advisories are also available from the GraphQL API