Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,121
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,291 advisories

Loading
Cockpit Cross-site Scripting vulnerability High
CVE-2023-4432 was published for cockpit-hq/cockpit (Composer) Aug 19, 2023
Cockpit Cross-site Scripting vulnerability High
CVE-2023-4395 was published for cockpit-hq/cockpit (Composer) Aug 17, 2023
Flarum vulnerable to LFI and Blind SSRF via Avatar upload High
CVE-2023-40033 was published for flarum/core (Composer) Aug 16, 2023
LibreNMS Cross-site Scripting vulnerability High
CVE-2023-4347 was published for librenms/librenms (Composer) Aug 15, 2023
Cockpit Cross-site Scripting vulnerability High
CVE-2023-4321 was published for cockpit-hq/cockpit (Composer) Aug 14, 2023
Withdrawn Advisory: Daylight Studio FUEL-CMS SQLi Vulnerability High
CVE-2020-24950 was published for codeigniter/framework (Composer) Aug 11, 2023 withdrawn
PrestaShop XSS injection through Validate::isCleanHTML method High
CVE-2023-39527 was published for prestashop/prestashop (Composer) Aug 9, 2023
Magento Open Source allows Improper Neutralization of Special Elements Used High
CVE-2023-38208 was published for magento/community-edition (Composer) Aug 9, 2023
Cockpit Cross-site Scripting vulnerability High
CVE-2023-4196 was published for cockpit-hq/cockpit (Composer) Aug 6, 2023
RaspAP Command Injection vulnerability High
CVE-2022-39987 was published for billz/raspap-webgui (Composer) Aug 1, 2023
MarkLee131
phpMyFAQ Improper Neutralization of Formula Elements in a CSV File vulnerability High
CVE-2023-4006 was published for thorsten/phpmyfaq (Composer) Jul 31, 2023
phpMyFAQ Stored Cross-site Scripting vulnerability High
CVE-2023-4007 was published for thorsten/phpmyfaq (Composer) Jul 31, 2023
Field injection in the KirbyData text storage handler High
CVE-2023-38488 was published for getkirby/cms (Composer) Jul 28, 2023
dapatrese
Insufficient Session Expiration after a password change High
CVE-2023-38489 was published for getkirby/cms (Composer) Jul 28, 2023
5hank4r
Pimcore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor High
CVE-2023-3819 was published for pimcore/pimcore (Composer) Jul 21, 2023
dkarlovi
Pimcore vulnerable to SQL Injection in Dataobjects sorting High
CVE-2023-3820 was published for pimcore/pimcore (Composer) Jul 21, 2023
hiu240900
Cockpit CMS vulnerable to incorrect access control High
CVE-2023-37649 was published for cockpit-hq/cockpit (Composer) Jul 20, 2023
Cockpit CMS Cross-Site Request Forgery vulnerability High
CVE-2023-37650 was published for cockpit-hq/cockpit (Composer) Jul 20, 2023
grav Server-side Template Injection (SSTI) mitigation bypass High
CVE-2023-37897 was published for getgrav/grav (Composer) Jul 19, 2023
s4ex Malayke
zenstruck/collection passing callable string to EntityRepository::find() and query() High
CVE-2023-37473 was published for zenstruck/collection (Composer) Jul 14, 2023
kbond
PocketMine-MP vulnerable to server crash using badly formatted sign NBT in BlockActorDataPacket High
GHSA-7wrv-6h42-w54f was published for pocketmine/pocketmine-mp (Composer) Jul 14, 2023
ShockedPlot7560 dktapps
Pimcore SQL Injection vulnerability High
CVE-2023-3673 was published for pimcore/pimcore (Composer) Jul 14, 2023
TeamPass information exposure vulnerability High
CVE-2023-3553 was published for nilsteampassnet/teampass (Composer) Jul 8, 2023
TeamPass vulnerable to Improper Encoding or Escaping of Output High
CVE-2023-3552 was published for nilsteampassnet/teampass (Composer) Jul 8, 2023
Archive_Tar contains Potential RCE if filename starts with phar:// High
CVE-2018-1000888 was published for pear/archive_tar (Composer) Jul 7, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database