Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

4,870 advisories

Loading
Stored XSS vulnerability on Bounce Management Callback High
CVE-2021-27910 was published for mautic/core (Composer) Sep 1, 2021
tdunlap607
XSS vulnerability on password reset page Moderate
CVE-2021-27909 was published for mautic/core (Composer) Sep 1, 2021
mohit-rocks ZhenwarX
tdunlap607
Use of a Broken or Risky Cryptographic Algorithm Low
CVE-2021-27913 was published for mautic/core (Composer) Sep 1, 2021
michaellrowley mohit-rocks
tdunlap607
Use of Cryptographically Weak Pseudo-Random Number Generator in showdoc Moderate
CVE-2021-3678 was published for showdoc/showdoc (Composer) Sep 2, 2021
Weak Password Recovery Mechanism for Forgotten Password High
CVE-2021-25957 was published for dolibarr/dolibarr (Composer) Sep 2, 2021
raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. High
CVE-2021-38557 was published for billz/raspap-webgui (Composer) Sep 2, 2021
Command Injection in RaspAP 2.6.6 High
CVE-2021-38556 was published for billz/raspap-webgui (Composer) Sep 2, 2021
OS Command Injection in Centreon High
CVE-2020-22345 was published for centreon/centreon (Composer) Sep 2, 2021
Dolibarr vulnerable to Improper Authentication and Improper Access Control High
CVE-2021-25956 was published for dolibarr/dolibarr (Composer) Sep 2, 2021
CSRF token exposure in TYPO3 extension Moderate
CVE-2021-36793 was published for lms/routes (Composer) Sep 2, 2021
SQL injection in TYPO3 extension Critical
CVE-2021-38302 was published for ecodev/newsletter (Composer) Sep 2, 2021
Content object state fetch functions open to SQL injection High
GHSA-jpwx-ffjq-wr4w was published for ezsystems/ezpublish-legacy (Composer) Sep 7, 2021
Cross-site scripting in LavaLite-CMS Moderate
CVE-2020-23700 was published for lavalite/cms (Composer) Sep 8, 2021
Arbitrary file upload in Fork CMS High
CVE-2021-28931 was published for forkcms/forkcms (Composer) Sep 8, 2021
Improper Input Validation in Firefly III Low
CVE-2019-14671 was published for grumpydictator/firefly-iii (Composer) Sep 8, 2021
Exposure of Resource to Wrong Sphere in LibreNMS High
CVE-2020-15877 was published for librenms/librenms (Composer) Sep 8, 2021
SQL Injection in Subrion CMS Critical
CVE-2020-18155 was published for intelliants/subrion (Composer) Sep 8, 2021
Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2021-32712 was published for shopware/shopware (Composer) Sep 8, 2021
Cross-site scripting Moderate
CVE-2021-32713 was published for shopware/shopware (Composer) Sep 8, 2021
Session Fixation Moderate
CVE-2021-32710 was published for shopware/platform (Composer) Sep 8, 2021
Exposure of Sensitive Information to an Unauthorized Actor Critical
CVE-2021-32711 was published for shopware/platform (Composer) Sep 8, 2021
Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2021-32716 was published for shopware/platform (Composer) Sep 8, 2021
Exposure of Sensitive Information to an Unauthorized Actor High
CVE-2021-32717 was published for shopware/platform (Composer) Sep 8, 2021
Unrestricted File Upload in ShowDoc v2.9.5 Critical
CVE-2021-36440 was published for showdoc/showdoc (Composer) Sep 9, 2021
Cross-site Scripting in LibreNMS Moderate
CVE-2021-31274 was published for librenms/librenms (Composer) Sep 9, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database