GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
8 advisories
Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` parameter `data[header][template]` in Advanced Tab
Moderate
CVE-2025-66310
was published
for
getgrav/grav
(Composer)
Dec 2, 2025
Grav is vulnerable to Cross-Site Scripting (XSS) Reflected endpoint /admin/pages/[page], parameter data[header][content][items], located in the "Blog Config" tab
Moderate
CVE-2025-66309
was published
for
getgrav/grav
(Composer)
Dec 2, 2025
Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/config/site` parameter `data[taxonomies]`
Moderate
CVE-2025-66308
was published
for
getgrav/grav
(Composer)
Dec 2, 2025
Grav vulnerable to Denial of Service via Improper Input Handling in 'Supported' Parameter
High
CVE-2025-66305
was published
for
getgrav/grav
(Composer)
Dec 2, 2025
Grav Admin Plugin is vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/accounts/groups/[group]` parameter `data[readableName]`
Moderate
CVE-2025-66312
was published
for
getgrav/grav
(Composer)
Dec 2, 2025
Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` in Multiples parameters
Moderate
CVE-2025-66311
was published
for
getgrav/grav
(Composer)
Dec 2, 2025
Mautic vulnerable to reflected XSS in lead:addLeadTags - Quick Add
Moderate
CVE-2025-9823
was published
for
mautic/core
(Composer)
Sep 3, 2025
Indico vulnerability allows attackers to bulk dump user details
Moderate
CVE-2025-53640
was published
for
indico
(pip)
Jul 14, 2025
ProTip!
Advisories are also available from the
GraphQL API