GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
2,293 advisories
XSS vulnerability in Author URL of themes in Mautic
Moderate
CVE-2018-11198
was published
for
mautic/core
(Composer)
Jan 19, 2021
Cross-site scripting vulnerability in TinyMCE
Moderate
CVE-2024-21911
was published
for
TinyMCE
(Composer)
Jan 6, 2021
Cross-Site Scripting in Fluid view helpers
Moderate
CVE-2020-26227
was published
for
typo3/cms
(Composer)
Dec 21, 2020
Cross-Site Scripting in Grav
Moderate
GHSA-cvmr-6428-87w9
was published
for
getgrav/grav
(Composer)
Dec 10, 2020
Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled.
Moderate
CVE-2020-15247
was published
for
october/cms
(Composer)
Nov 23, 2020
Reflected XSS with parameters in PostComment
Moderate
CVE-2020-26225
was published
for
prestashop/productcomments
(Composer)
Nov 16, 2020
Authenticated XML External Entity Processing
Moderate
GHSA-8xv9-qcr9-ww9j
was published
for
shopware/core
(Composer)
Oct 19, 2020
Ability to switch customer email address on account detail page and stay verified
Moderate
CVE-2020-15245
was published
for
sylius/sylius
(Composer)
Oct 19, 2020
XSS vulnerability when listing users on add & modify server pages.
Moderate
GHSA-5822-pw57-vv37
was published
for
pterodactyl/panel
(Composer)
Oct 8, 2020
Cross-Site Scripting in ternary conditional operator
Moderate
CVE-2020-15241
was published
for
typo3/cms
(Composer)
Oct 8, 2020
Information Disclosure in TYPO3 extension sf_event_mgt
Moderate
CVE-2020-25026
was published
for
derhansen/sf_event_mgt
(Composer)
Sep 2, 2020
Reset Password / Login vulnerability in Sulu
Moderate
CVE-2020-15132
was published
for
sulu/sulu
(Composer)
Aug 5, 2020
Cross-site Scripting vulnerability in Kitodo.Presentation
Moderate
CVE-2020-16095
was published
for
kitodo/presentation
(Composer)
Jul 31, 2020
Potentially sensitive data exposure in Symfony Web Socket Bundle
Moderate
GHSA-wwgf-3xp7-cxj4
was published
for
gos/web-socket-bundle
(Composer)
Jul 7, 2020
Use of insecure jQuery version in OctoberCMS
Moderate
GHSA-v73w-r9xg-7cr9
was published
for
october/october
(Composer)
Jun 5, 2020
Potential unauthorized access to stored request & session data when plugin is misconfigured in October CMS Debugbar
Moderate
CVE-2020-11094
was published
for
rainlab/debugbar-plugin
(Composer)
Jun 3, 2020
Potential CSV Injection vector in OctoberCMS
Moderate
CVE-2020-5299
was published
for
october/backend
(Composer)
Jun 3, 2020
ProTip!
Advisories are also available from the
GraphQL API