Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,731
Maven
5,000+
npm
4,332
NuGet
763
pip
4,109
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,887 advisories

Loading
Cross-site scripting vulnerability in TinyMCE plugins Moderate
CVE-2024-21910 was published for TinyMCE (Composer) Nov 2, 2021
Cross-Site Scripting in grav Moderate
CVE-2021-3904 was published for getgrav/grav (Composer) Nov 1, 2021
Cross-Site Request Forgery in firefly-iii Moderate
CVE-2021-3900 was published for grumpydictator/firefly-iii (Composer) Oct 28, 2021
Authenticated Stored XSS in shopware/shopware Moderate
CVE-2021-41188 was published for shopware/shopware (Composer) Oct 27, 2021
Cross Site Scripting in Microweber Moderate
CVE-2021-33988 was published for microweber/microweber (Composer) Oct 25, 2021
Cross-site scripting in forkcms Moderate
CVE-2020-23049 was published for forkcms/forkcms (Composer) Oct 25, 2021
Cross-site scripting vulnerability in TinyMCE Moderate
CVE-2024-21908 was published for TinyMCE (Composer) Oct 22, 2021
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in sulu/sulu Moderate
CVE-2021-41169 was published for sulu/sulu (Composer) Oct 22, 2021
Cross-site Scripting in snipe-it Moderate
CVE-2021-3863 was published for snipe/snipe-it (Composer) Oct 21, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Moodle Moderate
CVE-2020-25703 was published for moodle/moodle (Composer) Oct 21, 2021
Cross-Site Request Forgery in snipe-it Moderate
CVE-2021-3858 was published for snipe/snipe-it (Composer) Oct 21, 2021
Open Redirect in firefly-iii Moderate
CVE-2021-3851 was published for grumpydictator/firefly-iii (Composer) Oct 21, 2021
Cross-site Scripting in snipe-it Moderate
CVE-2021-3879 was published for snipe/snipe-it (Composer) Oct 21, 2021
SilverStripe GraphQL Server permission checker not inherited by query subclass. Moderate
CVE-2021-28661 was published for silverstripe/graphql (Composer) Oct 12, 2021
Cross-site Scripting in SilverStripe Framework Moderate
CVE-2021-36150 was published for silverstripe/admin (Composer) Oct 12, 2021
Cross-site Scripting in Limesurvey Moderate
CVE-2021-42112 was published for limesurvey/limesurvey (Composer) Oct 12, 2021
Improper Certificate Validation in Heartland & Global Payments PHP SDK Moderate
CVE-2019-20455 was published for globalpayments/php-sdk (Composer) Oct 12, 2021
Stored XSS with custom URLs in PrestaShop module ps_linklist Moderate
CVE-2020-5273 was published for prestashop/ps_linklist (Composer) Oct 12, 2021
HTTP Host Header Injection Moderate
CVE-2021-41114 was published for typo3/cms (Composer) Oct 5, 2021
bnf
Credited to bnf
Cross-site scripting in demos/demo.mysqli.php in getID3 Moderate
CVE-2021-40926 was published for james-heinrich/getid3 (Composer) Oct 4, 2021
Cross-site scripting in application/controllers/dropbox.php in JustWriting Moderate
CVE-2021-41467 was published for hjue/justwriting (Composer) Oct 4, 2021
Cross-site Scripting in LaraCMS Moderate
CVE-2020-20129 was published for wanglelecc/laracms (Composer) Oct 4, 2021
Cross-site Scripting in GilaCMS Moderate
CVE-2020-20696 was published for gilacms/gila (Composer) Sep 30, 2021
Cross-site Scripting in GilaCMS Moderate
CVE-2020-20695 was published for gilacms/gila (Composer) Sep 30, 2021
Reliance on Cookies without Validation and Integrity Checking in getgrav/grav Moderate
CVE-2021-3818 was published for getgrav/grav (Composer) Sep 29, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database