Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,868
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,117
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,780 advisories

Loading
Cross-site Scripting in librenms/librenms Moderate
CVE-2022-4069 was published for librenms/librenms (Composer) Nov 20, 2022
Cross-site Scripting in Zenario Moderate
CVE-2022-44069 was published for tribalsystems/zenario (Composer) Nov 16, 2022
Concrete CMS vulnerable to Session Fixation Moderate
CVE-2022-43687 was published for concrete5/concrete5 (Composer) Nov 15, 2022
Concrete CMS vulnerable to Reflected Cross-site Scripting via image manipulation library Moderate
CVE-2022-43694 was published for concrete5/concrete5 (Composer) Nov 15, 2022
Cross-site Scripting in librenms/librenms Moderate
CVE-2022-4067 was published for librenms/librenms (Composer) Nov 20, 2022
Cross-site Scripting in librenms/librenms Moderate
CVE-2022-3516 was published for librenms/librenms (Composer) Nov 20, 2022
Cross-site Scripting in librenms/librenms Moderate
CVE-2022-3562 was published for librenms/librenms (Composer) Nov 20, 2022
Cross-site Scripting in Zenario Moderate
CVE-2022-44071 was published for tribalsystems/zenario (Composer) Nov 16, 2022
Cross-site Scripting in Zenario Moderate
CVE-2022-44070 was published for tribalsystems/zenario (Composer) Nov 16, 2022
Concrete CMS vulnerable to Cross-site Scripting via multilingual report Moderate
CVE-2022-43967 was published for concrete5/concrete5 (Composer) Nov 15, 2022
Concrete CMS vulnerable to XML External Entity Moderate
CVE-2022-43689 was published for concrete5/concrete5 (Composer) Nov 15, 2022
Concrete CMS vulnerable to Cleartext Transmission of Sensitive Information Moderate
CVE-2022-43691 was published for concrete5/concrete5 (Composer) Nov 15, 2022
Concrete CMS vulnerable to Reflected Cross-Site Scripting via dashboard icons Moderate
CVE-2022-43968 was published for concrete5/concrete5 (Composer) Nov 15, 2022
Cross-Site Request Forgery in Moodle Moderate
CVE-2022-45149 was published for moodle/moodle (Composer) Nov 23, 2022
baserCMS vulnerable to stored Cross-site Scripting Moderate
CVE-2022-41994 was published for baserproject/basercms (Composer) Dec 7, 2022
Concrete CMS vulnerable to cross-site scripting in the text input field Moderate
CVE-2022-43556 was published for concrete5/concrete5 (Composer) Dec 6, 2022
baserCMS vulnerable to stored Cross-site Scripting Moderate
CVE-2022-42486 was published for baserproject/basercms (Composer) Dec 7, 2022
Potential CSV Injection vector in OctoberCMS Moderate
CVE-2020-5299 was published for october/backend (Composer) Jun 3, 2020
staz0t
Incorrect Access Control vulnerability in api-platform/core Moderate
CVE-2019-1000011 was published for api-platform/core (Composer) Oct 14, 2019
XSS in Dolibarr ERP & CRM Moderate
CVE-2020-7996 was published for dolibarr/dolibarr (Composer) Jan 28, 2020
User enumeration leak using switch user functionality in Symfony Moderate
CVE-2019-18886 was published for symfony/security-http (Composer) Dec 2, 2019
Missing Authentication for Critical Function in LibreNMS Moderate
CVE-2019-10668 was published for librenms/librenms (Composer) Oct 11, 2019
Authorization Bypass Through User-Controlled Key in Bagisto Moderate
CVE-2019-16403 was published for bagisto/bagisto (Composer) Nov 8, 2019
Cross-site Scripting in YII2-CMS Moderate
CVE-2019-16130 was published for yii2mod/yii2-cms (Composer) Oct 14, 2019
Cross-site Scripting in Grav Moderate
CVE-2019-16126 was published for getgrav/grav (Composer) Nov 8, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database