Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,688
Maven
5,000+
npm
4,320
NuGet
760
pip
4,096
Pub
12
RubyGems
958
Rust
1,063
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,883 advisories

Loading
Cross-site Scripting in GilaCMS Moderate
CVE-2020-20695 was published for gilacms/gila (Composer) Sep 30, 2021
Reliance on Cookies without Validation and Integrity Checking in getgrav/grav Moderate
CVE-2021-3818 was published for getgrav/grav (Composer) Sep 29, 2021
Cross-site scripting in Centreon Moderate
CVE-2021-27676 was published for centreon/centreon (Composer) Jun 8, 2021
Cross-site scripting in imgURL Moderate
CVE-2021-38713 was published for helloxz/imgurl (Composer) Aug 30, 2021
Cross-site scripting in demos/demo.mysqli.php in getID3 Moderate
CVE-2021-40926 was published for james-heinrich/getid3 (Composer) Oct 4, 2021
Cross-site Scripting in TYPO3 extension Moderate
CVE-2021-36785 was published for miniorange/miniorange-saml (Composer) Aug 30, 2021
Missing Authentication for Critical Function Moderate
CVE-2021-32709 was published for shopware/platform (Composer) Jun 29, 2021
Improper Certificate Validation in Heartland & Global Payments PHP SDK Moderate
CVE-2019-20455 was published for globalpayments/php-sdk (Composer) Oct 12, 2021
Cross-site Scripting in GilaCMS Moderate
CVE-2020-20696 was published for gilacms/gila (Composer) Sep 30, 2021
Cross-Site Request Forgery in snipe-it Moderate
CVE-2021-3858 was published for snipe/snipe-it (Composer) Oct 21, 2021
Cross-Site Request Forgery in firefly-iii Moderate
CVE-2021-3819 was published for grumpydictator/firefly-iii (Composer) Sep 29, 2021
Cross Site Scripting in Microweber Moderate
CVE-2021-33988 was published for microweber/microweber (Composer) Oct 25, 2021
Observable Response Discrepancy in Lost Password Service Moderate
CVE-2021-39189 was published for pimcore/pimcore (Composer) Sep 20, 2021
XSS Injection in Media Collection Title was possible Moderate
CVE-2021-32737 was published for sulu/sulu (Composer) Jul 2, 2021
Open Redirect in firefly-iii Moderate
CVE-2021-3851 was published for grumpydictator/firefly-iii (Composer) Oct 21, 2021
Incorrect Authorization in TYPO3 extension Moderate
CVE-2020-25025 was published for localizationteam/l10nmgr (Composer) Jul 26, 2021
showdoc is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-3683 was published for showdoc/showdoc (Composer) Nov 15, 2021
Cross-site scripting (XSS) from image block content in the site frontend Moderate
CVE-2021-41258 was published for getkirby/cms (Composer) Nov 16, 2021
azrultech
Credited to azrultech
Stored XSS with custom URLs in PrestaShop module ps_linklist Moderate
CVE-2020-5273 was published for prestashop/ps_linklist (Composer) Oct 12, 2021
Cross-site scripting in forkcms Moderate
CVE-2020-23049 was published for forkcms/forkcms (Composer) Oct 25, 2021
Cross-site Scripting in snipe-it Moderate
CVE-2021-3879 was published for snipe/snipe-it (Composer) Oct 21, 2021
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in sulu/sulu Moderate
CVE-2021-41169 was published for sulu/sulu (Composer) Oct 22, 2021
Server-Side Request Forgery in Concrete CMS Moderate
CVE-2021-22969 was published for concrete5/core (Composer) Nov 23, 2021
Password exposure in concrete5/core Moderate
CVE-2021-22951 was published for concrete5/core (Composer) Nov 23, 2021
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-3931 was published for snipe/snipe-it (Composer) Nov 15, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database