GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,886 advisories

YetiForce CRM vulnerable to stored Cross-site Scripting via WorkFlow module Moderate
CVE-2022-3004 was published for yetiforce/yetiforce-crm (Composer) Sep 21, 2022
phpMyFAQ vulnerable to reflected Cross-site Scripting Moderate
CVE-2022-3766 was published for thorsten/phpmyfaq (Composer) Oct 31, 2022
YetiForce CRM vulnerable to stored Cross-site Scripting via LayoutEditor module Moderate
CVE-2022-3000 was published for yetiforce/yetiforce-crm (Composer) Sep 21, 2022
Moodle Cross-site Scripting vulnerability Moderate
CVE-2021-36568 was published for moodle/moodle (Composer) Sep 14, 2022
ProcessWire vulnerable to Cross-Site Request Forgery Moderate
CVE-2022-40488 was published for processwire/processwire (Composer) Oct 31, 2022
ProcessWire vulnerable to Cross-site Scripting Moderate
CVE-2022-40487 was published for processwire/processwire (Composer) Oct 31, 2022
BookStack is vulnerable to Improper Access Control. Moderate
CVE-2021-4119 was published for ssddanbrown/bookstack (Composer) Dec 16, 2021
snipe-it is vulnerable to Improper Access Control Moderate
CVE-2021-4089 was published for snipe/snipe-it (Composer) Dec 16, 2021
kimai2 is vulnerable to Improper Access Control Moderate
CVE-2021-3992 was published for kevinpapst/kimai2 (Composer) Dec 3, 2021
YetiForceCRM is vulnerable to Business Logic Errors in the weight of a product Moderate
CVE-2021-4117 was published for yetiforce/yetiforce-crm (Composer) Dec 16, 2021
bookstack is vulnerable to Improper Access Control Moderate
CVE-2021-4026 was published for ssddanbrown/bookstack (Composer) Dec 1, 2021
Kirby CMS vulnerable to user enumeration in the code-based login and password reset forms Moderate
CVE-2022-39314 was published for getkirby/cms (Composer) Oct 18, 2022
Credited to florianmrz
Diactoros before 2.11.1 vulnerable to HTTP Host Header Attack Moderate
CVE-2022-31109 was published for laminas/laminas-diactoros (Composer) Jul 27, 2022
Credited to MaximilianKresse
Stored cross site scripting in getgrav/grav Moderate
CVE-2022-1173 was published for getgrav/grav (Composer) Apr 27, 2022
Reflected Cross-site Scripting in Shopware storefront Moderate
CVE-2022-24873 was published for shopware/shopware (Composer) Apr 28, 2022
Cross-site Scripting in microweber Moderate
CVE-2022-1504 was published for microweber/microweber (Composer) Apr 28, 2022
Multiple valid tokens for password reset in Shopware Moderate
CVE-2022-24892 was published for shopware/shopware (Composer) Apr 28, 2022
Froxlor vulnerable to code injection Moderate
CVE-2022-3869 was published for froxlor/froxlor (Composer) Nov 5, 2022
Inadequate Encryption Strength in showdoc Moderate
CVE-2021-3680 was published for showdoc/showdoc (Composer) Sep 1, 2021
Insufficient Session Expiration in snipe/snipe-it Moderate
CVE-2022-2997 was published for snipe/snipe-it (Composer) Aug 26, 2022
Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2021-32716 was published for shopware/platform (Composer) Sep 8, 2021
Cross-site scripting from dynamic options in the multiselect field Moderate
CVE-2022-36037 was published for getkirby/cms (Composer) Aug 29, 2022
Centreon contains cross-site scripting vulnerability via esc_name parameter Moderate
CVE-2022-40044 was published for centreon/centreon (Composer) Sep 27, 2022
TYPO3 HTML Sanitizer vulnerable to Cross-Site Scripting Moderate
CVE-2022-23499 was published for typo3/cms (Composer) Dec 13, 2022
Credited to leeN
phpMyFAQ vulnerable to Cross-site Scripting Moderate
CVE-2022-4408 was published for thorsten/phpmyfaq (Composer) Dec 11, 2022