GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
28 advisories
tarteaucitron-wp WordPress Plugin Vulnerable to Stored Cross-Site Scripting
Moderate
CVE-2024-11718
was published
for
couleurcitron/tarteaucitron-wp
(Composer)
May 15, 2025
tarteaucitron.js allows url scheme injection via unfiltered inputs
Moderate
CVE-2025-31476
was published
for
tarteaucitronjs
(npm)
Apr 7, 2025
tarteaucitron.js allows UI manipulation via unrestricted CSS injection
Moderate
CVE-2025-31138
was published
for
tarteaucitronjs
(npm)
Apr 7, 2025
wp-svg-upload WordPress plugin vulnerable to Stored Cross-site Scripting
Moderate
CVE-2024-11847
was published
for
digimix/wp-svg-upload
(Composer)
Mar 26, 2025
The wp-enable-svg WordPress plugin does not sanitize SVG files when uploaded
Moderate
CVE-2024-11184
was published
for
mwdelaney/wp-enable-svg
(Composer)
Jan 2, 2025
Code Snippet GeSHi plugin in CKEditor 4 has reflected cross-site scripting (XSS) vulnerability
Moderate
CVE-2024-43407
was published
for
ckeditor/ckeditor
(Composer)
Aug 21, 2024
CKEditor4 Cross-site Scripting vulnerability caused by incorrect CDATA detection
Moderate
CVE-2024-24815
was published
for
ckeditor/ckeditor
(Composer)
Feb 7, 2024
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
Moderate
CVE-2023-46734
was published
for
symfony/symfony
(Composer)
Nov 12, 2023
phpBB's Smiley Pack acp_icons.php main pack vulnerable to cross site scripting
Moderate
CVE-2023-5917
was published
for
phpbb/phpbb
(Composer)
Nov 2, 2023
MediaWiki Denial of Service vulnerability
High
CVE-2023-45363
was published
for
mediawiki/core
(Composer)
Oct 9, 2023
X-Forwarded-For header allows brute-forcing autoblocked IP addresses
Critical
CVE-2023-29141
was published
for
mediawiki/core
(Composer)
Mar 31, 2023
Cross site scripting in ameos_tarteaucitron
Moderate
CVE-2022-33155
was published
for
ameos/ameos_tarteaucitron
(Composer)
Jul 13, 2022
phpBB Server-Side Request Forgery Vulnerability
Moderate
CVE-2020-8226
was published
for
phpbb/phpbb
(Composer)
May 24, 2022
img_auth.php may leak private extension images into the public cache
Moderate
CVE-2020-15005
was published
for
mediawiki/core
(Composer)
May 24, 2022
phpBB vulnerable to sensitive information disclosure
High
CVE-2008-6507
was published
for
phpbb/phpbb
(Composer)
May 17, 2022
phpBB vulnerability related to use of "forum id" in circumstances related to a "global announcement."
High
CVE-2010-1630
was published
for
phpbb/phpbb
(Composer)
May 17, 2022
phpBB 3.0.7 allows remote attackers to bypass intended access restrictions
High
CVE-2010-1627
was published
for
phpbb/phpbb
(Composer)
May 17, 2022
HTML Purifier allows remote attackers to obtain sensitive information
Moderate
CVE-2011-3744
was published
for
ezyang/htmlpurifier
(Composer)
May 17, 2022
Drupal has open redirect vulnerability in the Overlay module
High
CVE-2013-6389
was published
for
drupal/drupal
(Composer)
May 17, 2022
Cross-site scripting vulnerability in includes/actions/InfoAction.php
Moderate
CVE-2014-2853
was published
for
mediawiki/core
(Composer)
May 17, 2022
HTML Purifier Cross-site Scripting vulnerability
Moderate
CVE-2007-3498
was published
for
ezyang/htmlpurifier
(Composer)
May 1, 2022
PEAR::Archive_Tar Directory Traversal vulnerability
Critical
CVE-2006-0931
was published
for
pear/archive_tar
(Composer)
May 1, 2022
Server-Side Request Forgery and Open Redirect in AllTube Download
High
CVE-2022-24739
was published
for
rudloff/alltube
(Composer)
Mar 9, 2022
Path manipulation in matyhtf/framework
Critical
CVE-2021-43676
was published
for
matyhtf/framework
(Composer)
Dec 4, 2021
ProTip!
Advisories are also available from the
GraphQL API