GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,781 advisories

Incorrect Default Permissions and Improper Access Control in snipe-it Moderate
CVE-2022-0179 was published for snipe/snipe-it (Composer) Jan 21, 2022
pimcore is vulnerable to Cross-site Scripting Moderate
CVE-2022-0257 was published for pimcore/pimcore (Composer) Jan 21, 2022
livehelperchat is vulnerable to Cross-site Scripting Moderate
CVE-2022-0253 was published for remdex/livehelperchat (Composer) Jan 21, 2022
pimcore is vulnerable to Cross-site Scripting Moderate
CVE-2022-0256 was published for pimcore/pimcore (Composer) Jan 21, 2022
icecoder is vulnerable to Cross-site Scripting Moderate
CVE-2021-3862 was published for icecoder/icecoder (Composer) Jan 21, 2022
User enumeration in livehelperchat Moderate
CVE-2022-0083 was published for remdex/livehelperchat (Composer) Jan 21, 2022
Cross-site Scripting in pimcore Moderate
CVE-2022-0262 was published for pimcore/pimcore (Composer) Jan 21, 2022
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat Moderate
CVE-2022-0245 was published for livehelperchat/livehelperchat (Composer) Jan 21, 2022
Impersonation of other users (passing XBOX Live authentication) by theft of logins in PocketMine-MP Moderate
GHSA-h79x-98r2-g6qc was published for pocketmine/pocketmine-mp (Composer) Jan 21, 2022
Authorization Bypass Through User-Controlled Key in LiveHelperChat Moderate
CVE-2022-0266 was published for remdex/livehelperchat (Composer) Jan 21, 2022
Insufficient Session Expiration in Pterodactyl API Moderate
GHSA-7v3x-h7r2-34jv was published for pterodactyl/panel (Composer) Jan 21, 2022
Cross-site Scripting in pimcore Moderate
CVE-2022-0285 was published for pimcore/pimcore (Composer) Jan 21, 2022
Cross-site Scripting in microweber Moderate
CVE-2022-0278 was published for microweber/microweber (Composer) Jan 21, 2022
Microweber Incorrect Permission Assignment for Critical Resource vulnerability Moderate
CVE-2022-0277 was published for microweber/microweber (Composer) Jan 21, 2022
Logic error in dolibarr Moderate
CVE-2022-0174 was published for dolibarr/dolibarr (Composer) Jan 12, 2022
XSS vulnerability in translations Moderate
GHSA-rrgw-3hg3-9x8c was published for oro/platform (Composer) Jan 12, 2022
bookstack is vulnerable to Improper Access Control Moderate
CVE-2021-4194 was published for ssddanbrown/bookstack (Composer) Jan 8, 2022
Cross-site Scripting in DayByDay CRM Moderate
CVE-2022-22109 was published for bottelet/flarepoint (Composer) Jan 8, 2022
Missing Authorization in DayByDay CRM Moderate
CVE-2022-22107 was published for bottelet/flarepoint (Composer) Jan 8, 2022
Missing Authorization in DayByDay CRM Moderate
CVE-2022-22108 was published for bottelet/flarepoint (Composer) Jan 8, 2022
Open Redirect in Grav Moderate
CVE-2020-11529 was published for getgrav/grav (Composer) Jan 7, 2022
Wechat-php-sdk is affected by a Cross Site Scripting vulnerability. Moderate
CVE-2021-43678 was published for gaoming13/wechat-php-sdk (Composer) Jan 7, 2022
Book page text, count, and author/title length is not limited in PocketMine-MP Moderate
GHSA-p62j-hrxm-xcxf was published for pocketmine/pocketmine-mp (Composer) Jan 6, 2022
Open redirect in shopware Moderate
CVE-2022-21651 was published for shopware/shopware (Composer) Jan 6, 2022
showdoc is vulnerable to Generation of Error Message Containing Sensitive Information Moderate
CVE-2022-0079 was published for showdoc/showdoc (Composer) Jan 6, 2022