GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,780 advisories

BookStack is vulnerable to Improper Access Control. Moderate
CVE-2021-4119 was published for ssddanbrown/bookstack (Composer) Dec 16, 2021
snipe-it is vulnerable to Improper Access Control Moderate
CVE-2021-4089 was published for snipe/snipe-it (Composer) Dec 16, 2021
YetiForceCRM is vulnerable to Business Logic Errors in the weight of a product Moderate
CVE-2021-4117 was published for yetiforce/yetiforce-crm (Composer) Dec 16, 2021
kimai2 is vulnerable to Improper Access Control Moderate
CVE-2021-3992 was published for kevinpapst/kimai2 (Composer) Dec 3, 2021
bookstack is vulnerable to Improper Access Control Moderate
CVE-2021-4026 was published for ssddanbrown/bookstack (Composer) Dec 1, 2021
Kirby CMS vulnerable to user enumeration in the code-based login and password reset forms Moderate
CVE-2022-39314 was published for getkirby/cms (Composer) Oct 18, 2022
florianmrz
Diactoros before 2.11.1 vulnerable to HTTP Host Header Attack Moderate
CVE-2022-31109 was published for laminas/laminas-diactoros (Composer) Jul 27, 2022
MaximilianKresse
Reflected Cross-site Scripting in Shopware storefront Moderate
CVE-2022-24873 was published for shopware/shopware (Composer) Apr 28, 2022
Cross-site Scripting in microweber Moderate
CVE-2022-1504 was published for microweber/microweber (Composer) Apr 28, 2022
Stored cross site scripting in getgrav/grav Moderate
CVE-2022-1173 was published for getgrav/grav (Composer) Apr 27, 2022
Multiple valid tokens for password reset in Shopware Moderate
CVE-2022-24892 was published for shopware/shopware (Composer) Apr 28, 2022
Froxlor vulnerable to code injection Moderate
CVE-2022-3869 was published for froxlor/froxlor (Composer) Nov 5, 2022
Inadequate Encryption Strength in showdoc Moderate
CVE-2021-3680 was published for showdoc/showdoc (Composer) Sep 1, 2021
Insufficient Session Expiration in snipe/snipe-it Moderate
CVE-2022-2997 was published for snipe/snipe-it (Composer) Aug 26, 2022
Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2021-32716 was published for shopware/platform (Composer) Sep 8, 2021
Cross-site scripting from dynamic options in the multiselect field Moderate
CVE-2022-36037 was published for getkirby/cms (Composer) Aug 29, 2022
Centreon contains cross-site scripting vulnerability via esc_name parameter Moderate
CVE-2022-40044 was published for centreon/centreon (Composer) Sep 27, 2022
TYPO3 HTML Sanitizer vulnerable to Cross-Site Scripting Moderate
CVE-2022-23499 was published for typo3/cms (Composer) Dec 13, 2022
leeN
phpMyFAQ vulnerable to Cross-site Scripting Moderate
CVE-2022-4408 was published for thorsten/phpmyfaq (Composer) Dec 11, 2022
NukeViet CMS vulnerable to Cross-site Scripting Moderate
CVE-2022-3975 was published for nukeviet/nukeviet (Composer) Nov 13, 2022
YetiForce CRM vulnerable to stored Cross-site Scripting Moderate
CVE-2022-3002 was published for yetiforce/yetiforce-crm (Composer) Oct 6, 2022
Awesome Support vulnerable to persistent cross-site scripting Moderate
CVE-2022-38073 was published for awesome-support/awesome-support (Composer) Sep 22, 2022
Microweber's title parameter in the body of POST request vulnerable to stored XSS Moderate
CVE-2022-2777 was published for microweber/microweber (Composer) Aug 12, 2022
phpMyFAQ vulnerable to Cross-site Scripting Moderate
CVE-2022-4407 was published for thorsten/phpmyfaq (Composer) Dec 11, 2022
Cross-site scripting vulnerability in TinyMCE alerts Moderate
CVE-2022-23494 was published for TinyMCE (Composer) Dec 8, 2022
P4rkJW
ProTip! Advisories are also available from the GraphQL API