GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,886 advisories

ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent Moderate
CVE-2022-36032 was published for react/http (Composer) Sep 16, 2022
Credited to lavish
Microweber before 1.2.21 vulnerable to reflected XSS Moderate
CVE-2022-2470 was published for microweber/microweber (Composer) Jul 23, 2022
Microweber Stored Cross-site Scripting before v1.2.20 Moderate
CVE-2022-2495 was published for microweber/microweber (Composer) Jul 23, 2022
Credited to Serubin
Known vulnerable to code execution via SVG file in v1.3.1 Moderate
CVE-2022-32115 was published for idno/known (Composer) Jul 9, 2022
Stored XSS in link tags added via XHR in SilverStripe Framework Moderate
CVE-2022-28803 was published for silverstripe/framework (Composer) Jun 29, 2022
Hybridsessions does not expire session id on logout Moderate
CVE-2022-24444 was published for silverstripe/hybridsessions (Composer) Jun 29, 2022
Unpublished, protected files can be published via shortcode Moderate
CVE-2022-29858 was published for silverstripe/assets (Composer) Jun 29, 2022
Cross-site Scripting in admidio Moderate
CVE-2022-23896 was published for admidio/admidio (Composer) Jun 29, 2022
Cross-site Scripting in microweber Moderate
CVE-2022-2300 was published for microweber/microweber (Composer) Jul 5, 2022
Open Redirect in microweber Moderate
CVE-2022-2252 was published for microweber/microweber (Composer) Jun 30, 2022
Known v1.3.1 contains Insecure Direct Object Reference Moderate
CVE-2022-30852 was published for idno/known (Composer) Jul 9, 2022
Snipe-IT 6.0.2 vulnerable to Cross-site Scripting Moderate
CVE-2022-32061 was published for snipe/snipe-it (Composer) Jul 8, 2022
Cross-site Scripting in microweber Moderate
CVE-2022-2280 was published for microweber/microweber (Composer) Jul 2, 2022
Stored XSS via HTML fields in SilverStripe Framework Moderate
CVE-2022-25238 was published for silverstripe/framework (Composer) Jun 29, 2022
Cross-site Scripting in Microweber Moderate
CVE-2022-2130 was published for microweber/microweber (Composer) Jun 21, 2022
Cross site scripting in Elefant CMS Moderate
CVE-2017-20061 was published for elefant/cms (Composer) Jun 21, 2022
Information Disclosure via Export Module Moderate
CVE-2022-31046 was published for typo3/cms (Composer) Jun 17, 2022
Credited to linawolf and derhansen
brotkrueml/schema fails to properly encode user input for output in HTML context, leading to XSS Moderate
CVE-2022-33154 was published for brotkrueml/schema (Composer) Jun 17, 2022
Insufficient Session Expiration in TYPO3's Admin Tool Moderate
CVE-2022-31050 was published for typo3/cms (Composer) Jun 17, 2022
Credited to waldhacker1 and ohader
Known v1.3.1 Cross-site Scripting Moderate
CVE-2022-31290 was published for idno/known (Composer) Jul 9, 2022
Cross-site Scripting in NukeViet CMS Moderate
CVE-2022-30874 was published for nukeviet/nukeviet (Composer) Jun 22, 2022
Cross site scripting in Elefant CMS Moderate
CVE-2017-20060 was published for elefant/cms (Composer) Jun 21, 2022
Incorrect Authorization in thinkcmf Moderate
CVE-2021-40616 was published for thinkcmf/thinkcmf (Composer) Jun 15, 2022
brotkrueml/typo3-matomo-integration vulnerable to Cross-Site Scripting Moderate
CVE-2022-33156 was published for brotkrueml/typo3-matomo-integration (Composer) Jun 17, 2022
Cross-Site Scripting in TYPO3's Frontend Login Mailer Moderate
CVE-2022-31049 was published for typo3/cms (Composer) Jun 17, 2022
Credited to cseifert and andreaskienast