GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,780 advisories

ForkCMS XSS via `end_date` parameter Moderate
CVE-2022-35590 was published for forkcms/forkcms (Composer) Aug 13, 2022
ForkCMS XSS via `publish_on_date` parameter Moderate
CVE-2022-35587 was published for forkcms/forkcms (Composer) Aug 13, 2022
ForkCMS stored XSS via `start_date` parameter Moderate
CVE-2022-35585 was published for forkcms/forkcms (Composer) Aug 13, 2022
Path Traversal in FileGator Moderate
CVE-2022-1850 was published for filegator/filegator (Composer) May 25, 2022
ForkCMS XSS via `publish_on_time` parameter Moderate
CVE-2022-35589 was published for forkcms/forkcms (Composer) Aug 13, 2022
TYPO3 CMS vulnerable to Weak Authentication in Frontend Login Moderate
CVE-2022-23501 was published for typo3/cms (Composer) Dec 13, 2022
derhansen
Improper user session handling in filegator Moderate
CVE-2022-1849 was published for filegator/filegator (Composer) May 25, 2022
TYPO3 CMS vulnerable to Denial of Service in Page Error Handling Moderate
CVE-2022-23500 was published for typo3/cms (Composer) Dec 13, 2022
TYPO3 CMS vulnerable to Insufficient Session Expiration after Password Reset Moderate
CVE-2022-23502 was published for typo3/cms (Composer) Dec 13, 2022
derhansen
Missing authorization in Moodle Moderate
CVE-2022-0984 was published for moodle/moodle (Composer) Apr 30, 2022
An attacker can execute malicious javascript in Live Helper Chat Moderate
CVE-2022-1530 was published for remdex/livehelperchat (Composer) Apr 30, 2022
CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file Moderate
CVE-2011-3712 was published for cakephp/cakephp (Composer) May 17, 2022
ravage84
CakePHP directory traversal vulnerability allows remote attackers to read arbitrary files Moderate
CVE-2006-5031 was published for cakephp/cakephp (Composer) May 1, 2022
ravage84
YetiForce CRM vulnerable to stored Cross-site Scripting via SlaPolicy module Moderate
CVE-2022-3005 was published for yetiforce/yetiforce-crm (Composer) Sep 21, 2022
Craft CMS Cross site Scripting vulnerability Moderate
CVE-2022-37248 was published for craftcms/cms (Composer) Sep 17, 2022
brandonkelly
YetiForce CRM vulnerable to stored Cross-site Scripting via WidgetsManagement module Moderate
CVE-2022-2924 was published for yetiforce/yetiforce-crm (Composer) Sep 21, 2022
phpMyFAQ vulnerable to stored Cross-site Scripting Moderate
CVE-2022-3765 was published for thorsten/phpmyfaq (Composer) Oct 31, 2022
Microweber Cross-site Scripting can result in redirection to a malicious site Moderate
CVE-2022-3242 was published for microweber/microweber (Composer) Sep 21, 2022
Craft CMS Stored Cross-site Scripting in User Addresses Title Moderate
CVE-2022-37250 was published for craftcms/cms (Composer) Sep 17, 2022
brandonkelly
phpMyFAQ vulnerable to reflected Cross-site Scripting Moderate
CVE-2022-3766 was published for thorsten/phpmyfaq (Composer) Oct 31, 2022
YetiForce CRM vulnerable to stored Cross-site Scripting via WorkFlow module Moderate
CVE-2022-3004 was published for yetiforce/yetiforce-crm (Composer) Sep 21, 2022
YetiForce CRM vulnerable to stored Cross-site Scripting via LayoutEditor module Moderate
CVE-2022-3000 was published for yetiforce/yetiforce-crm (Composer) Sep 21, 2022
Moodle Cross-site Scripting vulnerability Moderate
CVE-2021-36568 was published for moodle/moodle (Composer) Sep 14, 2022
ProcessWire vulnerable to Cross-Site Request Forgery Moderate
CVE-2022-40488 was published for processwire/processwire (Composer) Oct 31, 2022
ProcessWire vulnerable to Cross-site Scripting Moderate
CVE-2022-40487 was published for processwire/processwire (Composer) Oct 31, 2022
ProTip! Advisories are also available from the GraphQL API