GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
193 advisories
Filter by severity
Information Disclosure due to Out-of-scope Site Resolution
Low
CVE-2023-38499
was published
for
typo3/cms-core
(Composer)
Jul 25, 2023
Winter CMS stored XSS through privileged upload of SVG file
Low
CVE-2023-37269
was published
for
wintercms/winter
(Composer)
Jul 7, 2023
Admidio Improper Access Control vulnerability
Low
CVE-2023-3303
was published
for
admidio/admidio
(Composer)
Jun 23, 2023
CraftCMS stored XSS in Quick Post widget error message
Low
CVE-2023-33194
was published
for
craftcms/cms
(Composer)
May 26, 2023
Concrete CMS (previously concrete5) is vulnerable to stored XSS in uploaded file and folder names
Low
CVE-2023-28819
was published
for
concrete5/concrete5
(Composer)
Apr 28, 2023
Stored cross site scripting in RSS displayer
Low
CVE-2023-28820
was published
for
concrete5/concrete5
(Composer)
Apr 28, 2023
AzuraCast/AzuraCast vulnerable to cross-site scripting
Low
CVE-2023-2191
was published
for
azuracast/azuracast
(Composer)
Apr 20, 2023
Timing attack in eZ Platform Ibexa
Low
CVE-2022-48366
was published
for
ezsystems/ezplatform-kernel
(Composer)
Mar 12, 2023
Shopware has Insufficient Session Expiration in Administration
Low
CVE-2023-22732
was published
for
shopware/core
(Composer)
Jan 20, 2023
Shopware's log module vulnerable to Improper Output Neutralization
Low
CVE-2023-22733
was published
for
shopware/core
(Composer)
Jan 20, 2023
Any Flarum user including unactivated can reply in public discussions whose first post was permanently deleted
Low
CVE-2023-22489
was published
for
flarum/core
(Composer)
Jan 10, 2023
Codeigniter4's Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued
Low
CVE-2022-39284
was published
for
codeigniter4/framework
(Composer)
Oct 6, 2022
EC-CUBE Directory traversal vulnerability
Low
CVE-2022-40199
was published
for
ec-cube/ec-cube
(Composer)
Sep 28, 2022
Byobu user preference to prevent private discussions being started are not respected
Low
CVE-2022-35921
was published
for
fof/byobu
(Composer)
Aug 6, 2022
Cross site scripting in Concrete CMS
Low
CVE-2022-30120
was published
for
concrete5/core
(Composer)
Jun 25, 2022
Failed payment recorded has completed in Silverstripe Omnipay
Low
CVE-2022-29254
was published
for
silverstripe/silverstripe-omnipay
(Composer)
Jun 6, 2022
Magento Information Disclosure vulnerability
Low
CVE-2021-28566
was published
for
magento/community-edition
(Composer)
May 24, 2022
OpenCart Cross-Site Request Forgery (CSRF)
Low
CVE-2020-28838
was published
for
opencart/opencart
(Composer)
May 24, 2022
Magento information disclosure vulnerability
Low
CVE-2020-24406
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento incorrect user permissions vulnerability within the Inventory component
Low
CVE-2020-24403
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento 2 Community Edition vulnerable to Improper Authorization
Low
CVE-2020-24404
was published
for
magento/community-edition
(Composer)
May 24, 2022
Drupal cross-site scripting vulnerability via actions feature and trigger module
Low
CVE-2010-3094
was published
for
drupal/drupal
(Composer)
May 17, 2022
phpMyAdmin Multiple XSS Vulnerabilities
Low
CVE-2012-4579
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 17, 2022
Typo3 Backend XSS Vulnerabilities
Low
CVE-2012-1606
was published
for
typo3/cms
(Composer)
May 17, 2022
phpMyAdmin multiple cross-site scripting vulnerabilities
Low
CVE-2012-5339
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API