Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

4,870 advisories

Loading
Cross site scripting in yetiforce/yetiforce-crm Moderate
CVE-2022-2885 was published for yetiforce/yetiforce-crm (Composer) Aug 22, 2022
Missing password strength check in notrinos/notrinos-erp High
CVE-2022-2927 was published for notrinos/notrinos-erp (Composer) Aug 23, 2022
Cross site scripting in dolibarr Moderate
CVE-2022-22293 was published for dolibarr/dolibarr (Composer) Jan 3, 2022
Pimcore vulnerable to stored stored Cross-site Scripting via`properties` when creating new users Moderate
CVE-2022-3211 was published for pimcore/pimcore (Composer) Sep 16, 2022
himiklab yii2-jqgrid-widget vulnerable to SQL Injection Critical
CVE-2014-125051 was published for himiklab/yii2-jqgrid-widget (Composer) Jan 6, 2023
The filename of uploaded files vulnerable to stored XSS High
CVE-2020-4041 was published for bolt/bolt (Composer) Jun 9, 2020
staz0t
CSRF issue on preview pages in Bolt CMS High
CVE-2020-4040 was published for bolt/bolt (Composer) Jun 9, 2020
staz0t
Cross-site scripting vulnerability in TinyMCE alerts Moderate
CVE-2022-23494 was published for TinyMCE (Composer) Dec 8, 2022
P4rkJW
melisplatform/melis-asset-manager vulnerable to Path Traversal High
CVE-2022-39296 was published for melisplatform/melis-asset-manager (Composer) Oct 11, 2022
Akeneo PIM Community Edition vulnerable to remote php code execution High
CVE-2022-46157 was published for akeneo/pim-community-dev (Composer) Dec 9, 2022
phpMyFAQ vulnerable to Cross-site Scripting Moderate
CVE-2022-4407 was published for thorsten/phpmyfaq (Composer) Dec 11, 2022
Microweber's title parameter in the body of POST request vulnerable to stored XSS Moderate
CVE-2022-2777 was published for microweber/microweber (Composer) Aug 12, 2022
Awesome Support vulnerable to persistent cross-site scripting Moderate
CVE-2022-38073 was published for awesome-support/awesome-support (Composer) Sep 22, 2022
YetiForce CRM vulnerable to stored Cross-site Scripting Moderate
CVE-2022-3002 was published for yetiforce/yetiforce-crm (Composer) Oct 6, 2022
October CMS auth bypass and account takeover High
CVE-2021-29487 was published for october/system (Composer) Aug 30, 2021
Concrete CMS vulnerable to Cross-site Request Forgery High
CVE-2022-43693 was published for concrete5/concrete5 (Composer) Nov 14, 2022
Dolibarr Cross-site Scripting vulnerability Critical
CVE-2021-25955 was published for dolibarr/dolibarr (Composer) Aug 30, 2021
elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE Critical
CVE-2021-32682 was published for studio-42/elfinder (Composer) Jun 16, 2021
thomas-chauchefoin-sonarsource
Grav's Twig processing allowing dangerous PHP functions by default High
CVE-2021-29440 was published for getgrav/grav (Composer) Apr 16, 2021
thomas-chauchefoin-sonarsource
NukeView CMS vulnerable to Cross-site Scripting Moderate
CVE-2022-3975 was published for nukeviet/nukeviet (Composer) Nov 13, 2022
October CMS Safe Mode bypass leads to authenticated Remote Code Execution High
CVE-2022-35944 was published for october/system (Composer) Oct 13, 2022
cydave daftspunk
Dolibarr vulnerable to Improper Authentication and Improper Access Control High
CVE-2021-25956 was published for dolibarr/dolibarr (Composer) Sep 2, 2021
elFinder unsafe upload filtering leading to remote code execution High
CVE-2021-23394 was published for studio-42/elfinder (Composer) Jun 15, 2021
assaf-benjosef thomas-chauchefoin-sonarsource
Any Flarum user including unactivated can reply in public discussions whose first post was permanently deleted Low
CVE-2023-22489 was published for flarum/core (Composer) Jan 10, 2023
clarkwinkelmann
phpMyFAQ vulnerable to Cross-site Scripting Moderate
CVE-2022-4408 was published for thorsten/phpmyfaq (Composer) Dec 11, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database