GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,780 advisories

bookstack is vulnerable to Improper Access Control Moderate
CVE-2021-4026 was published for ssddanbrown/bookstack (Composer) Dec 1, 2021
kimai2 is vulnerable to Improper Access Control Moderate
CVE-2021-3992 was published for kevinpapst/kimai2 (Composer) Dec 3, 2021
YetiForceCRM is vulnerable to Business Logic Errors in the weight of a product Moderate
CVE-2021-4117 was published for yetiforce/yetiforce-crm (Composer) Dec 16, 2021
snipe-it is vulnerable to Improper Access Control Moderate
CVE-2021-4089 was published for snipe/snipe-it (Composer) Dec 16, 2021
BookStack is vulnerable to Improper Access Control. Moderate
CVE-2021-4119 was published for ssddanbrown/bookstack (Composer) Dec 16, 2021
ProcessWire vulnerable to Cross-site Scripting Moderate
CVE-2022-40487 was published for processwire/processwire (Composer) Oct 31, 2022
ProcessWire vulnerable to Cross-Site Request Forgery Moderate
CVE-2022-40488 was published for processwire/processwire (Composer) Oct 31, 2022
Moodle Cross-site Scripting vulnerability Moderate
CVE-2021-36568 was published for moodle/moodle (Composer) Sep 14, 2022
YetiForce CRM vulnerable to stored Cross-site Scripting via LayoutEditor module Moderate
CVE-2022-3000 was published for yetiforce/yetiforce-crm (Composer) Sep 21, 2022
phpMyFAQ vulnerable to reflected Cross-site Scripting Moderate
CVE-2022-3766 was published for thorsten/phpmyfaq (Composer) Oct 31, 2022
YetiForce CRM vulnerable to stored Cross-site Scripting via WorkFlow module Moderate
CVE-2022-3004 was published for yetiforce/yetiforce-crm (Composer) Sep 21, 2022
Craft CMS Stored Cross-site Scripting in User Addresses Title Moderate
CVE-2022-37250 was published for craftcms/cms (Composer) Sep 17, 2022
brandonkelly
Microweber Cross-site Scripting can result in redirection to a malicious site Moderate
CVE-2022-3242 was published for microweber/microweber (Composer) Sep 21, 2022
phpMyFAQ vulnerable to stored Cross-site Scripting Moderate
CVE-2022-3765 was published for thorsten/phpmyfaq (Composer) Oct 31, 2022
YetiForce CRM vulnerable to stored Cross-site Scripting via SlaPolicy module Moderate
CVE-2022-3005 was published for yetiforce/yetiforce-crm (Composer) Sep 21, 2022
Craft CMS Cross site Scripting vulnerability Moderate
CVE-2022-37248 was published for craftcms/cms (Composer) Sep 17, 2022
brandonkelly
YetiForce CRM vulnerable to stored Cross-site Scripting via WidgetsManagement module Moderate
CVE-2022-2924 was published for yetiforce/yetiforce-crm (Composer) Sep 21, 2022
CakePHP directory traversal vulnerability allows remote attackers to read arbitrary files Moderate
CVE-2006-5031 was published for cakephp/cakephp (Composer) May 1, 2022
ravage84
CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file Moderate
CVE-2011-3712 was published for cakephp/cakephp (Composer) May 17, 2022
ravage84
An attacker can execute malicious javascript in Live Helper Chat Moderate
CVE-2022-1530 was published for remdex/livehelperchat (Composer) Apr 30, 2022
Missing authorization in Moodle Moderate
CVE-2022-0984 was published for moodle/moodle (Composer) Apr 30, 2022
TYPO3 CMS vulnerable to Insufficient Session Expiration after Password Reset Moderate
CVE-2022-23502 was published for typo3/cms (Composer) Dec 13, 2022
derhansen
TYPO3 CMS vulnerable to Denial of Service in Page Error Handling Moderate
CVE-2022-23500 was published for typo3/cms (Composer) Dec 13, 2022
Improper user session handling in filegator Moderate
CVE-2022-1849 was published for filegator/filegator (Composer) May 25, 2022
TYPO3 CMS vulnerable to Weak Authentication in Frontend Login Moderate
CVE-2022-23501 was published for typo3/cms (Composer) Dec 13, 2022
derhansen