GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,854 advisories
Laravel Framework XSS in Blade templating engine (Moderate): CVE-2021-43808 was published for illuminate/view (Composer), Dec 8, 2021
Cross Site Request Forgery in firefly-iii (Moderate): CVE-2021-4005 was published for grumpydictator/firefly-iii (Composer), Dec 10, 2021
Cross site scripting in remdex/livehelperchat (Moderate): CVE-2021-4050 was published for remdex/livehelperchat (Composer), Dec 10, 2021
Cross-Site Request Forgery in kimai2 (Moderate): CVE-2021-4033 was published for kevinpapst/kimai2 (Composer), Dec 10, 2021
Dolibarr Cross Site Scripting (XSS) vulnerability (Moderate): CVE-2021-42220 was published for dolibarr/dolibarr (Composer), Dec 16, 2021
yetiforcecrm is vulnerable to Cross-site Scripting (Moderate): CVE-2021-4107 was published for yetiforce/yetiforce-crm (Composer), Dec 16, 2021
snipe-it is vulnerable to Cross-site Scripting (Moderate): CVE-2021-4108 was published for snipe/snipe-it (Composer), Dec 16, 2021
yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF) (Moderate): CVE-2021-4092 was published for yetiforce/yetiforce-crm (Composer), Dec 16, 2021
phpservermon is vulnerable to CRLF Injection (Moderate): CVE-2021-4097 was published for phpservermon/phpservermon (Composer), Dec 16, 2021
pimcore is vulnerable to Cross-site Scripting (Moderate): CVE-2021-4081 was published for pimcore/pimcore (Composer), Dec 16, 2021
pimcore is vulnerable to Cross-Site Request Forgery (CSRF) (Moderate): CVE-2021-4082 was published for pimcore/pimcore (Composer), Dec 16, 2021
Cross-site Scripting in pimcore (Moderate): CVE-2021-4084 was published for pimcore/pimcore (Composer), Dec 16, 2021
snipe-it is vulnerable to Improper Access Control (Moderate): CVE-2021-4089 was published for snipe/snipe-it (Composer), Dec 16, 2021
Open Redirect in showdoc (Moderate): CVE-2021-4000 was published for showdoc/showdoc (Composer), Dec 16, 2021
BookStack is vulnerable to Improper Access Control (Moderate): CVE-2021-4119 was published for ssddanbrown/bookstack (Composer), Dec 16, 2021
yetiforcecrm is vulnerable to Cross-site Scripting (Moderate): CVE-2021-4116 was published for yetiforce/yetiforce-crm (Composer), Dec 16, 2021
YetiForceCRM is vulnerable to Business Logic Errors in the weight of a product (Moderate): CVE-2021-4117 was published for yetiforce/yetiforce-crm (Composer), Dec 16, 2021
yetiforcecrm is vulnerable to Cross-site Scripting (Moderate): CVE-2021-4121 was published for yetiforce/yetiforce-crm (Composer), Dec 17, 2021
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) (Moderate): CVE-2021-4123 was published for remdex/livehelperchat (Composer), Dec 17, 2021
Cross site scripting in dolibarr (Moderate): CVE-2022-22293 was published for dolibarr/dolibarr (Composer), Jan 3, 2022
Cross-site Scripting in Anchor CMS (Moderate): CVE-2021-44116 was published for anchorcms/anchor-cms (Composer), Jan 5, 2022
livehelperchat is vulnerable to Cross-site Scripting (Moderate): CVE-2021-4132 was published for remdex/livehelperchat (Composer), Jan 5, 2022
Cross-site Scripting in pimcore (Moderate): CVE-2021-4139 was published for pimcore/pimcore (Composer), Jan 5, 2022
Client-Side JavaScript Prototype Pollution in oro/platform (Moderate): CVE-2021-43852 was published for oro/platform (Composer), Jan 6, 2022
XSS vulnerability on email template preview page (Moderate): CVE-2021-41236 was published for oro/platform (Composer), Jan 6, 2022
ProTip! Advisories are also available from the GraphQL API.