GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,883 advisories

Cross-site Scripting in pegasus/google-for-jobs Moderate
CVE-2021-43561 was published for pegasus/google-for-jobs (Composer) Nov 15, 2021
showdoc is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-3775 was published for showdoc/showdoc (Composer) Nov 15, 2021
Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys Moderate
CVE-2021-41273 was published for pterodactyl/panel (Composer) Nov 18, 2021
Credited to Haxatron
twill is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-3932 was published for area17/twill (Composer) Nov 15, 2021
elgg is vulnerable to Authorization Bypass Through User-Controlled Key Moderate
CVE-2021-3964 was published for elgg/elgg (Composer) Dec 3, 2021
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-4015 was published for grumpydictator/firefly-iii (Composer) Dec 6, 2021
The disqualify lead action may be executed without CSRF token check Moderate
CVE-2021-39198 was published for oro/crm (Composer) Nov 19, 2021
Server-Side Request Forgery in Concrete CMS Moderate
CVE-2021-22970 was published for concrete5/core (Composer) Nov 23, 2021
yikes-inc-easy-mailchimp-extender Cross-site Scripting vulnerability Moderate
CVE-2021-4244 was published for yikesinc/yikes-inc-easy-mailchimp-extender (Composer) Dec 12, 2022
Cross Site Request Forgery in firefly-iii Moderate
CVE-2021-4005 was published for grumpydictator/firefly-iii (Composer) Dec 10, 2021
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Moderate
CVE-2021-3990 was published for showdoc/showdoc (Composer) Dec 3, 2021
Cross-site Scripting in kimai2 Moderate
CVE-2021-3983 was published for kevinpapst/kimai2 (Composer) Dec 3, 2021
showdoc is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-3993 was published for showdoc/showdoc (Composer) Dec 3, 2021
Open Redirect in showdoc Moderate
CVE-2021-4000 was published for showdoc/showdoc (Composer) Dec 16, 2021
snipe-it is vulnerable to Cross-site Scripting Moderate
CVE-2021-4108 was published for snipe/snipe-it (Composer) Dec 16, 2021
Cross-Site Request Forgery in kimai2 Moderate
CVE-2021-4033 was published for kevinpapst/kimai2 (Composer) Dec 10, 2021
phpservermon is vulnerable to CRLF Injection Moderate
CVE-2021-4097 was published for phpservermon/phpservermon (Composer) Dec 16, 2021
Cross-site Scripting in pimcore Moderate
CVE-2021-4084 was published for pimcore/pimcore (Composer) Dec 16, 2021
yetiforcecrm is vulnerable to Cross-site Scripting Moderate
CVE-2021-4116 was published for yetiforce/yetiforce-crm (Composer) Dec 16, 2021
yetiforcecrm is vulnerable to Cross-site Scripting Moderate
CVE-2021-4107 was published for yetiforce/yetiforce-crm (Composer) Dec 16, 2021
Cross-site Scripting in Anchor CMS Moderate
CVE-2021-44116 was published for anchorcms/anchor-cms (Composer) Jan 5, 2022
Cross site scripting in remdex/livehelperchat Moderate
CVE-2021-4050 was published for remdex/livehelperchat (Composer) Dec 10, 2021
pimcore is vulnerable to Cross-site Scripting Moderate
CVE-2021-4081 was published for pimcore/pimcore (Composer) Dec 16, 2021
pimcore is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-4082 was published for pimcore/pimcore (Composer) Dec 16, 2021
yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-4092 was published for yetiforce/yetiforce-crm (Composer) Dec 16, 2021
ProTip! Advisories are also available from the GraphQL API