Report a CVE to HeroDevs

Committed to Security and Confidentiality

At HeroDevs, safeguarding the security of open-source software and its ecosystem is our priority. As a Certified Numbering Authority (CNA), we ensure your vulnerability reports are handled with utmost confidentiality and professionalism.

Report Vulnerability
Vulnerability Directory
White arrow
Search tool icon

Report a Vulnerability

When you report a CVE, you can trust that:
  • Your submission is reviewed promptly and securely by our team of security experts.
  • Details of the vulnerability will not be disclosed until appropriate patches are developed and coordinated with the necessary stakeholders.
  • Your role as the reporter will be respected, with attribution provided as per your preference.
Every vulnerability we address strengthens the open-source ecosystem and ensures the continued security of end-of-life software. At HeroDevs, we actively track, assess, and address vulnerabilities to safeguard the security of open source software and protect the businesses that rely on it.

By clicking “submit” I acknowledge receipt of our Privacy Policy.

Thank you! Your submission has been received!
Please enter a company email.
Early Detection and CVE Remediation

187 Security Issues Fixed
(and always looking for more)

Below is a snapshot of the most recent 10 of 75 vulnerabilities in our database, demonstrating our commitment to transparency and proactive security.
Severity
ID
Technology
Libraries Affected
Category
Version(s) Affected
Published Date
Low
CVE-2020-4051
Open in new tab icon
Dojo
Dojo
Cross-Site Scripting
<1.11.10, >=1.12.0 <1.12.9, >=1.13.0 <1.13.8, >=1.14.0 <1.14.7, >=1.15.0 <1.15.4, >=1.16.0 <1.16.3
Dec 3, 2025
Medium
CVE-2019-10785
Open in new tab icon
Dojo
Dojo
Cross-Site Scripting
<1.11.10, >=1.12.0 <1.12.8, >=1.13.0 <1.13.7, >=1.14.0 <1.14.6, >=1.15.0 <1.15.3, >=1.16.0 <1.16.1
Dec 3, 2025
Medium
CVE-2018-6561
Open in new tab icon
Dojo
Dojo
Cross-Site Scripting
<1.10.10, >=1.11.0 <1.11.6, >=1.12.0 <1.12.4, >=1.13.0 <1.13.1
Dec 3, 2025
High
CVE-2021-23450
Open in new tab icon
Dojo
Dojo
Prototype Pollution
<1.11.13, >=1.12.0 <1.12.11, >=1.13.0 <1.13.10, >=1.14.0 <1.14.9, >=1.15.0 <1.15.6, >=1.16.0 <1.16.5
Dec 3, 2025
Low
CVE-2020-5259
Open in new tab icon
Dojo
Dojo
Prototype Pollution
<1.11.10, >=1.12.0 <1.12.8, >=1.13.0 <1.13.7, >=1.14.0 <1.14.6, >=1.15.0 <1.15.3, >=1.16.0 <1.16.2
Dec 3, 2025
Medium
CVE-2025-3900
Open in new tab icon
Drupal 7
Colorbox
Cross-Site Scripting
>=7.0.0 <=7.2.19
Dec 3, 2025
High
CVE-2025-66412
Open in new tab icon
Angular
Angular
Cross-Site Scripting
>=21.0.0-next.0 <21.0.2, >=20.0.0-next.0 <20.3.15, >=19.0.0-next.0 <19.2.17, <=18.2.14
Dec 2, 2025
High
CVE-2025-66035
Open in new tab icon
Angular
Angular
Information Exposure
>=21.0.0-next.0 <21.0.1, >=20.0.0-next.0 <20.3.14, >=19.0.0-next.0 <19.2.16, <=18.2.14
Dec 2, 2025
Critical
CVE-2018-15494
Open in new tab icon
Dojo
Dojo
Cross-Site Scripting
<1.10.10, >=1.11.0-rc1 <1.11.6, >=1.12.0-rc1 <1.12.4, >=1.13.0 <1.14.0
Nov 24, 2025
Medium
CVE-2025-12848
Open in new tab icon
Drupal 7
Webform Multiple File Upload
Cross-Site Scripting
>=7.0.0 <=7.1.6
Nov 20, 2025
For more details on CVEs found in end-of-life software, visit our vulnerability directory.
View Full Directory
Arrow
Report A Vulnerability

By clicking "Accept", you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.

PreferencesRejectAccept
Manage Consent Preferences by Category
Essentials
Always active

Necessary for the site to function. Always On.

Used for targeted advertising.

Remembers your preferences and provides enhanced features.

Measures usage and improves your experience.

Reject AllAccept All
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.