GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,869
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,119
NuGet: 735
pip: 3,941
Pub: 12
RubyGems: 945
Rust: 1,018
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
4,870 advisories
Microweber before 1.2.21 vulnerable to reflected XSS
Severity: Moderate. CVE-2022-2470 was published for microweber/microweber (Composer) on Jul 23, 2022.

Possible cross-site scripting attack via unsanitized SVG files in FoF Upload
Severity: High. CVE-2022-30999 was published for fof/upload (Composer) on May 25, 2022.

ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent
Severity: Moderate. CVE-2022-36032 was published for react/http (Composer) on Sep 16, 2022.

PrestaShop eval injection possible if shop vulnerable to SQL injection
Severity: Critical. CVE-2022-31181 was published for prestashop/prestashop (Composer) on Jul 29, 2022.

FeehiCMS vulnerable to Cross-Site scripting via crafted payload
Severity: Moderate. CVE-2022-40408 was published for feehi/feehicms (Composer) on Sep 30, 2022.

DoS vulnerability in MaliciousCode filter
Severity: Moderate. CVE-2023-23617 was published for openmage/magento-lts (Composer) on Jan 27, 2023.

Improper Authorization in dolibarr/dolibarr
Severity: Moderate. CVE-2022-0731 was published for dolibarr/dolibarr (Composer) on Feb 24, 2022.

Cross-site scripting in Dolibarr
Severity: Moderate. CVE-2019-16197 was published for dolibarr/dolibarr (Composer) on Nov 8, 2019.

Cachet configuration leak
Severity: High. CVE-2021-39174 was published for cachethq/cachet (Composer) on Aug 30, 2021.

SQL Injection in dolibarr
Severity: High. CVE-2022-0224 was published for dolibarr/dolibarr (Composer) on Jan 21, 2022.

Command injection in librenms
Severity: High. CVE-2022-29712 was published for librenms/librenms (Composer) on Jun 3, 2022.

Cachet vulnerable to forced reinstall
Severity: High. CVE-2021-39173 was published for cachethq/cachet (Composer) on Aug 30, 2021.

FeehiCMS Cross Site Scripting vulnerability
Severity: Moderate. CVE-2020-36607 was published for feehi/feehicms (Composer) on Dec 15, 2022.

FeehiCMS Cross Site Scripting vulnerability
Severity: Moderate. CVE-2022-40002 was published for feehi/feehicms (Composer) on Dec 15, 2022.

FeehiCMS Cross Site Scripting vulnerability
Severity: Moderate. CVE-2022-40001 was published for feehi/feehicms (Composer) on Dec 15, 2022.

FeehiCMS vulnerable to Cross Site Scripting
Severity: Moderate. CVE-2020-20589 was published for feehi/feehicms (Composer) on Dec 15, 2022.

FeehiCMS Cross Site Scripting vulnerability
Severity: Moderate. CVE-2021-36572 was published for feehi/feehicms (Composer) on Dec 15, 2022.

FeehiCMS Unrestricted Upload vulnerability
Severity: Moderate. CVE-2021-36573 was published for feehi/feehicms (Composer) on Dec 15, 2022.

FeehiCMS Cross Site Scripting vulnerability
Severity: Moderate. CVE-2022-40373 was published for feehi/feehicms (Composer) on Dec 15, 2022.

FeehiCMS Cross Site Scripting vulnerability
Severity: Moderate. CVE-2022-40000 was published for feehi/feehicms (Composer) on Dec 15, 2022.

Cross site scripting in getkirby/starterkit
Severity: Moderate. CVE-2022-35174 was published for getkirby/starterkit (Composer) on Aug 19, 2022.

Cross site scripting in yetiforce/yetiforce-crm
Severity: Moderate. CVE-2022-1340 was published for yetiforce/yetiforce-crm (Composer) on Aug 23, 2022.

Exposure of password hashes in notrinos/notrinos-erp
Severity: High. CVE-2022-2921 was published for notrinos/notrinos-erp (Composer) on Aug 22, 2022.

NotrinosERP Cross-site Scripting vulnerability
Severity: Moderate. CVE-2022-2871 was published for notrinos/notrinos-erp (Composer) on Aug 18, 2022.

Cross site scripting in yetiforce/yetiforce-crm
Severity: Moderate. CVE-2022-2890 was published for yetiforce/yetiforce-crm (Composer) on Aug 23, 2022.
ProTip! Advisories are also available from the GraphQL API.