GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4,870 advisories

Code injection in Elefant CMS High
CVE-2017-20064 was published for elefant/cms (Composer) Jun 21, 2022
Improper quoting of columns when using setOrderBy() or setGroupBy() on listing classes in Pimcore High
CVE-2022-31092 was published for pimcore/pimcore (Composer) Jun 22, 2022
Stored XSS via HTML fields in SilverStripe Framework Moderate
CVE-2022-25238 was published for silverstripe/framework (Composer) Jun 29, 2022
Code injection in grav High
CVE-2022-2073 was published for getgrav/grav (Composer) Jun 30, 2022
Cross-site Scripting in microweber Moderate
CVE-2022-2280 was published for microweber/microweber (Composer) Jul 2, 2022
Snipe-IT 6.0.2 vulnerable to Cross-site Scripting Moderate
CVE-2022-32061 was published for snipe/snipe-it (Composer) Jul 8, 2022
Known v1.3.1 contains Insecure Direct Object Reference Moderate
CVE-2022-30852 was published for idno/known (Composer) Jul 9, 2022
Open Redirect in microweber Moderate
CVE-2022-2252 was published for microweber/microweber (Composer) Jun 30, 2022
Code injection in concrete CMS High
CVE-2022-21829 was published for concrete5/core (Composer) Jun 25, 2022
Cross-site Scripting in microweber Moderate
CVE-2022-2300 was published for microweber/microweber (Composer) Jul 5, 2022
Cross-site Scripting in admidio Moderate
CVE-2022-23896 was published for admidio/admidio (Composer) Jun 29, 2022
Stored XSS in link tags added via XHR in SilverStripe Framework Moderate
CVE-2022-28803 was published for silverstripe/framework (Composer) Jun 29, 2022
Unpublished, protected files can be published via shortcode Moderate
CVE-2022-29858 was published for silverstripe/assets (Composer) Jun 29, 2022
Hybridsessions does not expire session id on logout Moderate
CVE-2022-24444 was published for silverstripe/hybridsessions (Composer) Jun 29, 2022
Valinor error messages leading to potential data exfiltration before v0.12.0 High
CVE-2022-31140 was published for cuyz/valinor (Composer) Jul 12, 2022
Flarum post mentions can be used to read any post on the forum without access control High
CVE-2023-22487 was published for flarum/mentions (Composer) Jan 10, 2023
clarkwinkelmann
Known vulnerable to code execution via SVG file in v1.3.1 Moderate
CVE-2022-32115 was published for idno/known (Composer) Jul 9, 2022
melisplatform/melis-front vulnerable to deserialization of untrusted data High
CVE-2022-39298 was published for melisplatform/melis-front (Composer) Oct 11, 2022
melisplatform/melis-cms vulnerable to deserialization of untrusted data High
CVE-2022-39297 was published for melisplatform/melis-cms (Composer) Oct 11, 2022
LTI 1.3 Tool Library's Nonce Claim Value not validated against nonce value sent in Authentication Request before v5.0 High
CVE-2022-31158 was published for packbackbooks/lti-1-3-php-library (Composer) Jul 15, 2022
SQL Injection in typo3 extension "LUX - TYPO3 Marketing Automation" Critical
CVE-2022-35628 was published for in2code/lux (Composer) Jul 15, 2022
Feehi CMS arbitrary code execution via crafted PHP file High
CVE-2022-34971 was published for feehi/cms (Composer) Jul 28, 2022
Duplicate Advisory GHSA-hrgx-p36p-89q4 Critical
CVE-2022-36408 was published for prestashop/prestashop (Composer) Jul 23, 2022 withdrawn
ICEcoder vulnerable to Path Traversal High
CVE-2022-34026 was published for icecoder/icecoder (Composer) Sep 23, 2022
Microweber Stored Cross-site Scripting before v1.2.20 Moderate
CVE-2022-2495 was published for microweber/microweber (Composer) Jul 23, 2022
Serubin
ProTip! Advisories are also available from the GraphQL API