Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,736 advisories

Loading
Cockpit - Content Platform vulnerable to XSS through name or email argument names Moderate
CVE-2025-7053 was published for cockpit-hq/cockpit (Composer) Jul 4, 2025
Microweber CMS API has authenticated local file inclusion vulnerability Moderate
CVE-2025-34076 was published for microweber/microweber (Composer) Jul 2, 2025
Moodle Session Fixation allows unauthenticated users to hijack sessions via sesskey parameter Moderate
CVE-2025-53021 was published for moodle/moodle (Composer) Jun 24, 2025
GeSHi XSS possible in the get_var function of /contrib/cssgen.php Moderate
CVE-2025-2123 was published for geshi/geshi (Composer) Mar 9, 2025
juzaweb CMS allows cross-site scripting by uploading an SVG file Moderate
CVE-2025-5420 was published for juzaweb/cms (Composer) Jun 2, 2025
Cross-site Scripting in Bagisto Moderate
CVE-2023-36236 was published for bagisto/bagisto (Composer) Jan 17, 2024
Redaxo Core CMS Cross Site Scripting (XSS) Moderate
CVE-2024-50803 was published for redaxo/source (Composer) Nov 19, 2024
Ibexa RichText Field Type XSS vulnerabilities in back office Moderate
GHSA-9qv6-4pwm-m68f was published for ibexa/fieldtype-richtext (Composer) Jun 13, 2025
Ibexa Admin UI XSS vulnerabilities in back office Moderate
GHSA-5r6x-g6jv-4v87 was published for ibexa/admin-ui (Composer) Jun 13, 2025
Ibexa Admin UI assets XSS vulnerabilities in back office Moderate
GHSA-vhgq-r8gx-5fpv was published for ibexa/admin-ui-assets (Composer) Jun 13, 2025
Ibexa eZ Platform Admin UI assets XSS vulnerabilities in back office Moderate
GHSA-r5rx-53g9-25rj was published for ezsystems/ezplatform-admin-ui-assets (Composer) Jun 13, 2025
Ibexa eZ Platform Admin UI XSS vulnerabilities in back office Moderate
GHSA-r7pm-mw8g-p7px was published for ezsystems/ezplatform-admin-ui (Composer) Jun 13, 2025
starcitizentools/citizen-skin allows stored XSS in user registration date message Moderate
CVE-2025-49578 was published for starcitizentools/citizen-skin (Composer) Jun 13, 2025
SomeMWDev
starcitizentools/citizen-skin allows stored XSS in menu heading message Moderate
CVE-2025-49579 was published for starcitizentools/citizen-skin (Composer) Jun 13, 2025
SomeMWDev
starcitizentools/citizen-skin allows stored XSS in preference menu heading messages Moderate
CVE-2025-49577 was published for starcitizentools/citizen-skin (Composer) Jun 13, 2025
SomeMWDev
starcitizentools/citizen-skin allows stored XSS in search no result messages Moderate
CVE-2025-49576 was published for starcitizentools/citizen-skin (Composer) Jun 13, 2025
SomeMWDev
Citizen skin vulnerable to stored XSS through multiple system messages Moderate
CVE-2025-49575 was published for starcitizentools/citizen-skin (Composer) Jun 11, 2025
SomeMWDev
HAX CMS vulnerable to Local File Inclusion via saveOutline API Location Parameter Moderate
CVE-2025-49138 was published for elmsln/haxcms (Composer) Jun 9, 2025
Indigo-10
MantisBT XSS through weak CSP when using Gravatar plugin Moderate
CVE-2016-7111 was published for mantisbt/mantisbt (Composer) May 17, 2022
MantisBT XSS via adm_config_report.php's action parameter Moderate
CVE-2017-6973 was published for mantisbt/mantisbt (Composer) May 17, 2022
MantisBT XSS via move_attachments_page.php Moderate
CVE-2017-7241 was published for mantisbt/mantisbt (Composer) May 17, 2022
Drupal Lightgallery Cross-site Scripting vulnerability Moderate
CVE-2025-48447 was published for drupal/lightgallery (Composer) Jun 11, 2025
Drupal Quick Node Block Missing Authorization vulnerability Moderate
CVE-2025-48444 was published for drupal/quick_node_block (Composer) Jun 11, 2025
Drupal Quick Node Block Missing Authorization vulnerability Moderate
CVE-2025-48013 was published for drupal/quick_node_block (Composer) Jun 11, 2025
MantisBT XSS through crafted SVG documents in file_download.php Moderate
CVE-2022-33910 was published for mantisbt/mantisbt (Composer) Jun 25, 2022
ProTip! Advisories are also available from the GraphQL API