GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4,870 advisories

Cross-site scripting in ICEcoder Moderate
CVE-2021-32106 was published for icecoder/icecoder (Composer) Sep 9, 2021
Any storage file can be downloaded from p.sh if full server path is known High
GHSA-gqcf-83rq-gpfr was published for ibexa/post-install (Composer) Sep 14, 2021
Any storage file can be downloaded from p.sh if full server path is known High
GHSA-2rh5-jvgx-pgw3 was published for ezsystems/ezplatform (Composer) Sep 14, 2021
Observable Response Discrepancy in Lost Password Service Moderate
CVE-2021-39189 was published for pimcore/pimcore (Composer) Sep 20, 2021
Cross-site Scripting in yourls Moderate
CVE-2021-3785 was published for yourls/yourls (Composer) Sep 20, 2021
Cross-site Scripting in yourls Moderate
CVE-2021-3783 was published for yourls/yourls (Composer) Sep 20, 2021
Arbitrary Code Execution in feehi/cms High
CVE-2020-21322 was published for feehi/cms (Composer) Sep 20, 2021
User can obtain JWT token even if account is disabled High
GHSA-36mj-6r7r-mqhf was published for ezsystems/ezplatform-rest (Composer) Sep 29, 2021
File reference keys leads to incorrect hashes on HMAC algorithms Moderate
CVE-2021-41106 was published for lcobucci/jwt (Composer) Sep 29, 2021
arokettu
Cross-Site Request Forgery in firefly-iii Moderate
CVE-2021-3819 was published for grumpydictator/firefly-iii (Composer) Sep 29, 2021
Reliance on Cookies without Validation and Integrity Checking in getgrav/grav Moderate
CVE-2021-3818 was published for getgrav/grav (Composer) Sep 29, 2021
Improper Access Control in Webauthn Framework Critical
CVE-2021-38299 was published for web-auth/webauthn-framework (Composer) Sep 29, 2021
Directory Traversal in typo3/phar-stream-wrapper Critical
CVE-2019-11831 was published for drupal/core (Composer) Sep 30, 2021
SQL Injection in topthink/thinkphp Critical
CVE-2020-20120 was published for topthink/thinkphp (Composer) Sep 30, 2021
Cross-site Scripting in GilaCMS Moderate
CVE-2020-20695 was published for gilacms/gila (Composer) Sep 30, 2021
Cross-site Scripting in GilaCMS Moderate
CVE-2020-20696 was published for gilacms/gila (Composer) Sep 30, 2021
Cross-Site Request Forgery in GilaCMS High
CVE-2020-20693 was published for gilacms/gila (Composer) Sep 30, 2021
CSV injection in Craft CMS High
GHSA-xrpj-f9v6-2332 was published for craftcms/cms (Composer) Oct 4, 2021 withdrawn
Cross-site Scripting in LaraCMS Moderate
CVE-2020-20129 was published for wanglelecc/laracms (Composer) Oct 4, 2021
Cross-site scripting in application/controllers/dropbox.php in JustWriting Moderate
CVE-2021-41467 was published for hjue/justwriting (Composer) Oct 4, 2021
Cross-site scripting in demos/demo.mysqli.php in getID3 Moderate
CVE-2021-40926 was published for james-heinrich/getid3 (Composer) Oct 4, 2021
Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification High
CVE-2021-41129 was published for pterodactyl/panel (Composer) Oct 4, 2021
Improper escaping of command arguments on Windows leading to command injection High
CVE-2021-41116 was published for composer/composer (Composer) Oct 5, 2021
paul-gerste-sonarsource
HTTP Host Header Injection Moderate
CVE-2021-41114 was published for typo3/cms (Composer) Oct 5, 2021
bnf
Cross-Site-Request-Forgery in Backend High
CVE-2021-41113 was published for typo3/cms (Composer) Oct 5, 2021
sushiwushi ohader