GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,883 advisories

snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-3931 was published for snipe/snipe-it (Composer) Nov 15, 2021
Improper Neutralization of Formula Elements in a CSV File in pimcore/pimcore Moderate
CVE-2021-37702 was published for pimcore/pimcore (Composer) Aug 30, 2021
Use of Cryptographically Weak Pseudo-Random Number Generator in yiisoft/yii2-dev Moderate
CVE-2021-3692 was published for yiisoft/yii2-dev (Composer) Sep 1, 2021
Cross-site Scripting in yourls Moderate
CVE-2021-3783 was published for yourls/yourls (Composer) Sep 20, 2021
Cross-site scripting in application/controllers/dropbox.php in JustWriting Moderate
CVE-2021-41467 was published for hjue/justwriting (Composer) Oct 4, 2021
Manipulation of product reviews via API Moderate
CVE-2021-37707 was published for shopware/core (Composer) Aug 30, 2021
Cross-site Scripting in Limesurvey Moderate
CVE-2021-42112 was published for limesurvey/limesurvey (Composer) Oct 12, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Moodle Moderate
CVE-2020-25703 was published for moodle/moodle (Composer) Oct 21, 2021
Cross-site Scripting in snipe-it Moderate
CVE-2021-3863 was published for snipe/snipe-it (Composer) Oct 21, 2021
Cross-Site Request Forgery in firefly-iii Moderate
CVE-2021-3900 was published for grumpydictator/firefly-iii (Composer) Oct 28, 2021
Cross-Site Scripting in grav Moderate
CVE-2021-3904 was published for getgrav/grav (Composer) Nov 1, 2021
Improper Restriction of Rendered UI Layers or Frames in yourls Moderate
CVE-2021-3734 was published for yourls/yourls (Composer) Aug 30, 2021
Exposed phpinfo() leaked via documentation files Moderate
CVE-2021-37704 was published for phpfastcache/phpfastcache (Composer) Aug 30, 2021
Credited to Geolim4
Cross-site Scripting in LibreNMS Moderate
CVE-2021-44279 was published for librenms/librenms (Composer) Dec 3, 2021
Cross-site Scripting in yourls Moderate
CVE-2021-3785 was published for yourls/yourls (Composer) Sep 20, 2021
showdoc is vulnerable to URL Redirection to Untrusted Site Moderate
CVE-2021-3989 was published for showdoc/showdoc (Composer) Dec 3, 2021
snipe-it is vulnerable to Cross-site Scripting Moderate
CVE-2021-4018 was published for snipe/snipe-it (Composer) Dec 3, 2021
Cross-site scripting (XSS) from writer field content in the site frontend Moderate
CVE-2021-41252 was published for getkirby/cms (Composer) Nov 16, 2021
Credited to azrultech
Cross-site Scripting in kimai2 Moderate
CVE-2021-3963 was published for kevinpapst/kimai2 (Composer) Nov 23, 2021
Cross-site Scripting in kimai2 Moderate
CVE-2021-3976 was published for kevinpapst/kimai2 (Composer) Nov 23, 2021
Cross-site Scripting in kimai2 Moderate
CVE-2021-3957 was published for kevinpapst/kimai2 (Composer) Nov 23, 2021
Exposure of sensitive information in concrete5/core Moderate
CVE-2021-22967 was published for concrete5/core (Composer) Nov 23, 2021
Authenticated Stored XSS in shopware/shopware Moderate
CVE-2021-41188 was published for shopware/shopware (Composer) Oct 27, 2021
showdoc is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-3775 was published for showdoc/showdoc (Composer) Nov 15, 2021
elgg is vulnerable to Authorization Bypass Through User-Controlled Key Moderate
CVE-2021-3964 was published for elgg/elgg (Composer) Dec 3, 2021