GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,887 advisories

Tribal Systems Zenario CMS vulnerable to Session Fixation Moderate
CVE-2022-4231 was published for tribalsystems/zenario (Composer) Nov 30, 2022
Shopware vulnerable to persistent cross site scripting (XSS) in customer module Moderate
CVE-2022-31148 was published for shopware/shopware (Composer) Jul 27, 2022
FeehiCMS is vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2022-43320 was published for feehi/cms (Composer) Nov 9, 2022
Subrion CMS is vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2022-43121 was published for intelliants/subrion (Composer) Nov 9, 2022
Subrion CMS is vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2022-43120 was published for intelliants/subrion (Composer) Nov 9, 2022
OroCommerce Cross site scripting vulnerability during shipping rule editing for UPS integration Moderate
CVE-2022-31037 was published for oro/commerce (Composer) Oct 18, 2022
CodeIgniter Shield Vulnerable to SameSite Attackers Bypassing the CSRF Protection Moderate
CVE-2022-35943 was published for codeigniter4/shield (Composer) Aug 18, 2022
Credited to wert310, pedromigueladao, and lavish
ForkCMS XSS via `end_date` parameter Moderate
CVE-2022-35590 was published for forkcms/forkcms (Composer) Aug 13, 2022
ForkCMS XSS via `publish_on_date` parameter Moderate
CVE-2022-35587 was published for forkcms/forkcms (Composer) Aug 13, 2022
ForkCMS stored XSS via `start_date` parameter Moderate
CVE-2022-35585 was published for forkcms/forkcms (Composer) Aug 13, 2022
Path Traversal in FileGator Moderate
CVE-2022-1850 was published for filegator/filegator (Composer) May 25, 2022
ForkCMS XSS via `publish_on_time` parameter Moderate
CVE-2022-35589 was published for forkcms/forkcms (Composer) Aug 13, 2022
TYPO3 CMS vulnerable to Weak Authentication in Frontend Login Moderate
CVE-2022-23501 was published for typo3/cms (Composer) Dec 13, 2022
Credited to derhansen
Improper user session handling in filegator Moderate
CVE-2022-1849 was published for filegator/filegator (Composer) May 25, 2022
TYPO3 CMS vulnerable to Denial of Service in Page Error Handling Moderate
CVE-2022-23500 was published for typo3/cms (Composer) Dec 13, 2022
TYPO3 CMS vulnerable to Insufficient Session Expiration after Password Reset Moderate
CVE-2022-23502 was published for typo3/cms (Composer) Dec 13, 2022
Credited to derhansen
Missing authorization in Moodle Moderate
CVE-2022-0984 was published for moodle/moodle (Composer) Apr 30, 2022
An attacker can execute malicious javascript in Live Helper Chat Moderate
CVE-2022-1530 was published for remdex/livehelperchat (Composer) Apr 30, 2022
CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file Moderate
CVE-2011-3712 was published for cakephp/cakephp (Composer) May 17, 2022
Credited to ravage84
CakePHP directory traversal vulnerability allows remote attackers to read arbitrary files Moderate
CVE-2006-5031 was published for cakephp/cakephp (Composer) May 1, 2022
Credited to ravage84
YetiForce CRM vulnerable to stored Cross-site Scripting via WidgetsManagement module Moderate
CVE-2022-2924 was published for yetiforce/yetiforce-crm (Composer) Sep 21, 2022
YetiForce CRM vulnerable to stored Cross-site Scripting via SlaPolicy module Moderate
CVE-2022-3005 was published for yetiforce/yetiforce-crm (Composer) Sep 21, 2022
Craft CMS Cross site Scripting vulnerability Moderate
CVE-2022-37248 was published for craftcms/cms (Composer) Sep 17, 2022
Credited to brandonkelly
phpMyFAQ vulnerable to stored Cross-site Scripting Moderate
CVE-2022-3765 was published for thorsten/phpmyfaq (Composer) Oct 31, 2022
Microweber Cross-site Scripting can result in redirection to a malicious site Moderate
CVE-2022-3242 was published for microweber/microweber (Composer) Sep 21, 2022