GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4,867 advisories

Subrion CMS Cross-site Scripting (XSS) vulnerability in the `contact us` plugin Moderate
CVE-2021-41948 was published for intelliants/subrion (Composer) Apr 30, 2022
attritionorg
bookstack is vulnerable to Improper Access Control Moderate
CVE-2021-4194 was published for ssddanbrown/bookstack (Composer) Jan 8, 2022
TYPO3 CMS missing check for expiration time of password reset token for backend users Moderate
CVE-2022-36106 was published for typo3/cms (Composer) Sep 16, 2022
infabo
TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection Moderate
CVE-2022-36020 was published for typo3/cms (Composer) Sep 16, 2022
leeN
TYPO3 CMS vulnerable to Cross-Site Scripting in <f:asset.css> view helper Moderate
CVE-2022-36108 was published for typo3/cms (Composer) Sep 16, 2022
NeoBlack
TYPO3 CMS Stored Cross-Site Scripting via FileDumpController Moderate
CVE-2022-36107 was published for typo3/cms (Composer) Sep 16, 2022
Vautia
Shopware contains sensitive data in backend customer module Moderate
CVE-2022-36101 was published for shopware/shopware (Composer) Sep 16, 2022
Twig may load a template outside a configured directory when using the filesystem loader High
CVE-2022-39261 was published for twig/twig (Composer) Sep 30, 2022
Unserialized Pop Chain in Laravel Critical
CVE-2022-31279 was published for laravel/laravel (Composer) Jun 8, 2022 withdrawn
mir-hossein
Cross-site Scripting in FacturaScripts Moderate
CVE-2022-2016 was published for facturascripts/facturascripts (Composer) Jun 10, 2022
Failed payment recorded as completed in Silverstripe Omnipay Low
CVE-2022-29254 was published for silverstripe/silverstripe-omnipay (Composer) Jun 6, 2022
Cross site scripting in librenms Moderate
CVE-2022-29711 was published for librenms/librenms (Composer) Jun 3, 2022
Cross-site Scripting in Dolibarr Moderate
CVE-2022-30875 was published for dolibarr/dolibarr (Composer) Jun 9, 2022
Cross-site Scripting in RosarioSIS Moderate
CVE-2022-1997 was published for francoisjacquet/rosariosis (Composer) Jun 9, 2022
Cross-site Scripting in SEOmatic plugin Moderate
CVE-2021-41750 was published for nystudio107/craft-seomatic (Composer) Jun 13, 2022
Microweber vulnerable to Stored Cross-Site Scripting Moderate
CVE-2022-4647 was published for microweber/microweber (Composer) Dec 22, 2022
Roots Soil plugin vulnerable to Cross-site Scripting Moderate
CVE-2022-4524 was published for roots/soil (Composer) Dec 15, 2022
Code Injection in SEOmatic Critical
CVE-2021-41749 was published for nystudio107/craft-seomatic (Composer) Jun 13, 2022
Cross site scripting in francoisjacquet/rosariosis Moderate
CVE-2022-2036 was published for francoisjacquet/rosariosis (Composer) Jun 10, 2022
Microweber vulnerable to Reflected Cross-site Scripting Moderate
CVE-2022-4617 was published for microweber/microweber (Composer) Dec 21, 2022
SQL Injection in RosarioSIS Critical
CVE-2022-2067 was published for francoisjacquet/rosariosis (Composer) Jun 14, 2022
Cross-site Scripting in FacturaScripts Moderate
CVE-2022-2065 was published for facturascripts/facturascripts (Composer) Jun 14, 2022
Cross site scripting in intelliants/subrion Moderate
CVE-2021-41502 was published for intelliants/subrion (Composer) Jun 12, 2022
Unrestricted Upload of File with Dangerous Type in Elefant CMS High
CVE-2017-20063 was published for elefant/cms (Composer) Jun 21, 2022
Cross site scripting in Elefant CMS Moderate
CVE-2017-20057 was published for elefant/cms (Composer) Jun 21, 2022
ProTip! Advisories are also available from the GraphQL API