GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,870 advisories
Cross site scripting in Elefant CMS
Moderate. CVE-2017-20059 was published for elefant/cms (Composer), Jun 21, 2022

Cross site scripting in intelliants/subrion
Moderate. CVE-2021-41502 was published for intelliants/subrion (Composer), Jun 12, 2022

Cross-site Scripting in Microweber
Moderate. CVE-2022-2174 was published for microweber/microweber (Composer), Jun 23, 2022

October CMS upload process vulnerable to RCE via Race Condition
High. CVE-2022-24800 was published for october/system (Composer), Jul 13, 2022

Cross-Site Request Forgery in Elefant CMS
High. CVE-2017-20062 was published for elefant/cms (Composer), Jun 21, 2022

Cross-site Scripting in krayin/laravel-crm
Moderate. CVE-2021-41924 was published for krayin/laravel-crm (Composer), Jun 22, 2022

Authenticated Stored Cross-site Scripting in Shopware
Moderate. CVE-2022-31057 was published for shopware/shopware (Composer), Jun 22, 2022

Deserialization of Untrusted Data in topthink/framework
Critical. CVE-2022-33107 was published for topthink/framework (Composer), Jun 30, 2022

Cross site scripting in facturascripts
Moderate. CVE-2022-2066 was published for facturascripts/facturascripts (Composer), Jun 14, 2022

Cross site scripting in dolibarr
Moderate. CVE-2022-2060 was published for dolibarr/dolibarr (Composer), Jun 14, 2022

Cross-Site Scripting in TYPO3's Form Framework
Moderate. CVE-2022-31048 was published for typo3/cms (Composer), Jun 17, 2022

brotkrueml/typo3-matomo-integration vulnerable to Cross-Site Scripting
Moderate. CVE-2022-33156 was published for brotkrueml/typo3-matomo-integration (Composer), Jun 17, 2022

Cross-Site Scripting in TYPO3's Frontend Login Mailer
Moderate. CVE-2022-31049 was published for typo3/cms (Composer), Jun 17, 2022

Incorrect Authorization in thinkcmf
Moderate. CVE-2021-40616 was published for thinkcmf/thinkcmf (Composer), Jun 15, 2022

Cross-site Scripting in NukeViet CMS
Moderate. CVE-2022-30874 was published for nukeviet/nukeviet (Composer), Jun 22, 2022

Cross site scripting in Elefant CMS
Moderate. CVE-2017-20060 was published for elefant/cms (Composer), Jun 21, 2022

Path traversal in Concrete CMS
Critical. CVE-2022-30117 was published for concrete5/core (Composer), Jun 25, 2022

Cross site scripting in Concrete CMS
Low. CVE-2022-30120 was published for concrete5/core (Composer), Jun 25, 2022

Known v1.3.1 Cross-site Scripting
Moderate. CVE-2022-31290 was published for idno/known (Composer), Jul 9, 2022

Known vulnerable to account takeover via host header injection attack in v1.3.1
High. CVE-2022-33011 was published for idno/known (Composer), Jul 9, 2022

brotkrueml/schema fails to properly encode user input for output in HTML context, leading to XSS
Moderate. CVE-2022-33154 was published for brotkrueml/schema (Composer), Jun 17, 2022

Insufficient Session Expiration in TYPO3's Admin Tool
Moderate. CVE-2022-31050 was published for typo3/cms (Composer), Jun 17, 2022

Information Disclosure via Export Module
Moderate. CVE-2022-31046 was published for typo3/cms (Composer), Jun 17, 2022

Cross-site Scripting in Microweber
Moderate. CVE-2022-2130 was published for microweber/microweber (Composer), Jun 21, 2022

Cross site scripting in Elefant CMS
Moderate. CVE-2017-20061 was published for elefant/cms (Composer), Jun 21, 2022
ProTip! Advisories are also available from the GraphQL API.