GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,780 advisories
ForkCMS XSS via `publish_on_time` parameter
Moderate | CVE-2022-35589 was published for forkcms/forkcms (Composer) | Aug 13, 2022

Path Traversal in FileGator
Moderate | CVE-2022-1850 was published for filegator/filegator (Composer) | May 25, 2022

ForkCMS stored XSS via `start_date` parameter
Moderate | CVE-2022-35585 was published for forkcms/forkcms (Composer) | Aug 13, 2022

ForkCMS XSS via `publish_on_date` parameter
Moderate | CVE-2022-35587 was published for forkcms/forkcms (Composer) | Aug 13, 2022

ForkCMS XSS via `end_date` parameter
Moderate | CVE-2022-35590 was published for forkcms/forkcms (Composer) | Aug 13, 2022

CodeIgniter Shield Vulnerable to SameSite Attackers Bypassing the CSRF Protection
Moderate | CVE-2022-35943 was published for codeigniter4/shield (Composer) | Aug 18, 2022

OroCommerce Cross site scripting vulnerability during shipping rule editing for UPS integration
Moderate | CVE-2022-31037 was published for oro/commerce (Composer) | Oct 18, 2022

Subrion CMS is vulnerable to Cross-Site Scripting (XSS)
Moderate | CVE-2022-43121 was published for intelliants/subrion (Composer) | Nov 9, 2022

Subrion CMS is vulnerable to Cross-Site Scripting (XSS)
Moderate | CVE-2022-43120 was published for intelliants/subrion (Composer) | Nov 9, 2022

FeehiCMS is vulnerable to Cross-Site Scripting (XSS)
Moderate | CVE-2022-43320 was published for feehi/cms (Composer) | Nov 9, 2022

Shopware vulnerable to persistent cross site scripting (XSS) in customer module
Moderate | CVE-2022-31148 was published for shopware/shopware (Composer) | Jul 27, 2022

Tribal Systems Zenario CMS vulnerable to Session Fixation
Moderate | CVE-2022-4231 was published for tribalsystems/zenario (Composer) | Nov 30, 2022

TablePress Plugin vulnerable to Cross-site Scripting
Moderate | CVE-2022-3788 was published for tobiasbg/tablepress (Composer) | Nov 1, 2022

Craft CMS vulnerable to stored Cross-site Scripting via /admin/settings/fields page
Moderate | CVE-2022-37247 was published for craftcms/cms (Composer) | Sep 17, 2022

Snipe-IT vulnerable to Improper Authentication
Moderate | CVE-2022-3173 was published for snipe/snipe-it (Composer) | Sep 18, 2022

Craft CMS Cross-site Scripting vulnerability
Moderate | CVE-2022-37246 was published for craftcms/cms (Composer) | Sep 22, 2022

Microweber vulnerable to HTML Injection in create tag functionality
Moderate | CVE-2022-3245 was published for microweber/microweber (Composer) | Sep 21, 2022

Pimcore vulnerable to cross site scripting
Moderate | CVE-2022-3255 was published for pimcore/pimcore (Composer) | Sep 22, 2022

LibreNMS stored Cross-site Scripting via Schedule Maintenance `Title` parameter
Moderate | CVE-2022-3231 was published for librenms/librenms (Composer) | Sep 18, 2022

Stored XSS using HTMLEditor
Moderate | CVE-2022-37429 was published for silverstripe/framework (Composer) | Nov 21, 2022

PrestaShop Product Comments Cross-site Scripting vulnerability
Moderate | CVE-2022-35933 was published for prestashop/productcomments (Composer) | Aug 31, 2022

SCart is vulnerable to cross-site scripting (XSS)
Moderate | CVE-2022-21149 was published for s-cart/core (Composer) | May 3, 2022

Cross-site Scripting in Microweber
Moderate | CVE-2022-1584 was published for microweber/microweber (Composer) | May 5, 2022

Microweber vulnerable to cross-site scripting (XSS)
Moderate | CVE-2022-1555 was published for microweber/microweber (Composer) | May 5, 2022

Cross-site Scripting in FacturaScripts
Moderate | CVE-2022-1571 was published for facturascripts/facturascripts (Composer) | May 5, 2022

ProTip! Advisories are also available from the GraphQL API