Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,436 advisories

Loading
Drupal Full Path Disclosure Moderate
CVE-2024-45440 was published for drupal/core (Composer) Aug 29, 2024
cmlara longwave
Fluid Components TYPO3 extension vulnerable to Cross-Site Scripting Moderate
CVE-2023-28604 was published for sitegeist/fluid-components (Composer) Mar 27, 2023
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Edit Email Form Settings Feature Moderate
CVE-2024-46998 was published for baserproject/basercms (Composer) Oct 24, 2024
ayato-shitomi
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature Moderate
CVE-2024-46996 was published for baserproject/basercms (Composer) Oct 24, 2024
ayato-shitomi
Cross site scripting in ameos_tarteaucitron Moderate
CVE-2022-33155 was published for ameos/ameos_tarteaucitron (Composer) Jul 13, 2022
Rudloff
Pterodactyl Panel has plain-text logging of user passwords when two-factor authentication is disabled Moderate
CVE-2024-49762 was published for pterodactyl/panel (Composer) Oct 24, 2024
pebblehosts
ai-admin-graphql has a Denial of service vulnerability in SaaS and marketplace setups Moderate
CVE-2024-47173 was published for aimeos/ai-admin-graphql (Composer) Oct 24, 2024
ssshah2131
baserCMS has a Cross-site Scripting (XSS) Vulnerability in HTTP 400 Bad Request Moderate
CVE-2024-46995 was published for baserproject/basercms (Composer) Oct 24, 2024
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts and Contents list Feature Moderate
CVE-2024-46994 was published for baserproject/basercms (Composer) Oct 24, 2024
derhansen/sf_event_mgt vulnerable to Broken Access Control in Backend Module Moderate
CVE-2024-24751 was published for derhansen/sf_event_mgt (Composer) Feb 13, 2024
derhansen
Cross-site Scripting via uploaded SVG Moderate
CVE-2024-47618 was published for sulu/sulu (Composer) Oct 3, 2024
alexander-schranz
Path traversal in redaxo Moderate
CVE-2024-46212 was published for redaxo/source (Composer) Oct 16, 2024
Bref's Uploaded Files Not Deleted in Event-Driven Functions Moderate
CVE-2024-24752 was published for bref/bref (Composer) Feb 1, 2024
smaury mnapoli
Injection of arbitrary HTML/JavaScript code through the media download URL Moderate
CVE-2024-47617 was published for sulu/sulu (Composer) Oct 3, 2024
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled Moderate
CVE-2024-45291 was published for phpoffice/phpspreadsheet (Composer) Oct 7, 2024
emilvirkki
LimeSurvey Cross Site Scripting vulnerability Moderate
CVE-2024-28710 was published for limesurvey/limesurvey (Composer) Oct 7, 2024
Magento Open Source Improper Authorization vulnerability Moderate
CVE-2024-45131 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source Improper Authorization vulnerability Moderate
CVE-2024-45128 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-45116 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source Improper Input Validation vulnerability Moderate
CVE-2024-45117 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source Improper Access Control vulnerability Moderate
CVE-2024-45130 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source Improper Access Control vulnerability Moderate
CVE-2024-45121 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source Improper Access Control vulnerability Moderate
CVE-2024-45122 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source stored Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-45127 was published for magento/community-edition (Composer) Oct 10, 2024
Magento Open Source reflected Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2024-45123 was published for magento/community-edition (Composer) Oct 10, 2024
ProTip! Advisories are also available from the GraphQL API