GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,736
Maven: 5,000+
npm: 4,336
NuGet: 764
pip: 4,110
Pub: 12
RubyGems: 960
Rust: 1,068
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
2,887 advisories
XSS in Dolibarr ERP & CRM
Moderate
CVE-2020-7996 was published for dolibarr/dolibarr (Composer) Jan 28, 2020
Incorrect Access Control vulnerability in api-platform/core
Moderate
CVE-2019-1000011 was published for api-platform/core (Composer) Oct 14, 2019
User enumeration leak using switch user functionality in Symfony
Moderate
CVE-2019-18886 was published for symfony/security-http (Composer) Dec 2, 2019
Authorization Bypass Through User-Controlled Key in Bagisto
Moderate
CVE-2019-16403 was published for bagisto/bagisto (Composer) Nov 8, 2019
Cross-site Scripting in YII2-CMS
Moderate
CVE-2019-16130 was published for yii2mod/yii2-cms (Composer) Oct 14, 2019
Missing Authentication for Critical Function in LibreNMS
Moderate
CVE-2019-10668 was published for librenms/librenms (Composer) Oct 11, 2019
Cross-site Scripting in Grav
Moderate
CVE-2019-16126 was published for getgrav/grav (Composer) Nov 8, 2019
Exposure of Sensitive Information to an Unauthorized Actor in LibreNMS
Moderate
CVE-2019-10667 was published for librenms/librenms (Composer) Oct 11, 2019
Cross-site Scripting in facturascripts
Moderate
CVE-2022-1682 was published for facturascripts/facturascripts (Composer) May 13, 2022
Server-Side Request Forgery in dompdf/dompdf
Moderate
CVE-2022-0085 was published for dompdf/dompdf (Composer) Jun 29, 2022
Improper Access Control in wp-graphql
Moderate
CVE-2019-25060 was published for wp-graphql/wp-graphql (Composer) May 10, 2022
Unrestricted Upload of File with Dangerous Type in yetiforce-crm
Moderate
CVE-2022-1411 was published for yetiforce/yetiforce-crm (Composer) May 6, 2022
Cross-site Scripting in FacturaScripts
Moderate
CVE-2022-1571 was published for facturascripts/facturascripts (Composer) May 5, 2022
Microweber vulnerable to cross-site scripting (XSS)
Moderate
CVE-2022-1555 was published for microweber/microweber (Composer) May 5, 2022
Cross-site Scripting in Microweber
Moderate
CVE-2022-1584 was published for microweber/microweber (Composer) May 5, 2022
SCart is vulnerable to cross-site scripting (XSS)
Moderate
CVE-2022-21149 was published for s-cart/core (Composer) May 3, 2022
PrestaShop Product Comments Cross-site Scripting vulnerability
Moderate
CVE-2022-35933 was published for prestashop/productcomments (Composer) Aug 31, 2022
Stored XSS using HTMLEditor
Moderate
CVE-2022-37429 was published for silverstripe/framework (Composer) Nov 21, 2022
LibreNMS stored Cross-site Scripting via Schedule Maintenance `Title` parameter
Moderate
CVE-2022-3231 was published for librenms/librenms (Composer) Sep 18, 2022
Pimcore vulnerable to cross site scripting
Moderate
CVE-2022-3255 was published for pimcore/pimcore (Composer) Sep 22, 2022
Craft CMS Cross-site Scripting vulnerability
Moderate
CVE-2022-37246 was published for craftcms/cms (Composer) Sep 22, 2022
Microweber vulnerable to HTML Injection in create tag functionality
Moderate
CVE-2022-3245 was published for microweber/microweber (Composer) Sep 21, 2022
Snipe-IT vulnerable to Improper Authentication
Moderate
CVE-2022-3173 was published for snipe/snipe-it (Composer) Sep 18, 2022
Craft CMS vulnerable to stored Cross-site Scripting via /admin/settings/fields page
Moderate
CVE-2022-37247 was published for craftcms/cms (Composer) Sep 17, 2022
TablePress Plugin vulnerable to Cross-site Scripting
Moderate
CVE-2022-3788 was published for tobiasbg/tablepress (Composer) Nov 1, 2022
ProTip! Advisories are also available from the GraphQL API