GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,870 advisories
Deleted Admin Can Sign In to Admin Interface
[High] CVE-2021-41126 was published for october/october (Composer), Oct 6, 2021

BuddyPress privilege escalation via REST API
[High] CVE-2021-21389 was published for buddypress/buddypress (Composer), Oct 6, 2021

Sylius PayPal Plugin allows unauthorized access to Credit card form, exposing payer name and not requiring 3DS
[High] CVE-2021-41120 was published for sylius/paypal-plugin (Composer), Oct 6, 2021

Stored XSS with custom URLs in PrestaShop module ps_linklist
[Moderate] CVE-2020-5273 was published for prestashop/ps_linklist (Composer), Oct 12, 2021

Drupal core Unrestricted Upload of File with Dangerous Type
[High] CVE-2020-13671 was published for drupal/core (Composer), Oct 12, 2021

Critical severity vulnerability in Ignition
[Critical] CVE-2020-13909 was published for facade/ignition (Composer), Oct 12, 2021

Origin Validation Error in Magento 2
[High] CVE-2020-8818 was published for cardgate/magento2 (Composer), Oct 12, 2021

Improper Certificate Validation in Heartland & Global Payments PHP SDK
[Moderate] CVE-2019-20455 was published for globalpayments/php-sdk (Composer), Oct 12, 2021

SQL Injection in medoo
[Critical] CVE-2019-10762 was published for catfan/medoo (Composer), Oct 12, 2021

Cross-site Scripting in Limesurvey
[Moderate] CVE-2021-42112 was published for limesurvey/limesurvey (Composer), Oct 12, 2021

Server-Side Request Forgery vulnerability in concrete5
[High] CVE-2021-22958 was published for concrete5/concrete5 (Composer), Oct 12, 2021

Cross-site Scripting in SilverStripe Framework
[Moderate] CVE-2021-36150 was published for silverstripe/admin (Composer), Oct 12, 2021

SilverStripe GraphQL Server permission checker not inherited by query subclass.
[Moderate] CVE-2021-28661 was published for silverstripe/graphql (Composer), Oct 12, 2021

CSV Injection Vulnerability
[High] CVE-2021-41824 was published for craftcms/cms (Composer), Oct 18, 2021

Cross-site Scripting in snipe-it
[Moderate] CVE-2021-3879 was published for snipe/snipe-it (Composer), Oct 21, 2021

Open Redirect in firefly-iii
[Moderate] CVE-2021-3851 was published for grumpydictator/firefly-iii (Composer), Oct 21, 2021

Cross-Site Request Forgery in snipe-it
[Moderate] CVE-2021-3858 was published for snipe/snipe-it (Composer), Oct 21, 2021

Exposure of Sensitive Information to an Unauthorized Actor in Moodle
[Moderate] CVE-2020-25703 was published for moodle/moodle (Composer), Oct 21, 2021

Cross-site Scripting in snipe-it
[Moderate] CVE-2021-3863 was published for snipe/snipe-it (Composer), Oct 21, 2021

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in sulu/sulu
[Moderate] CVE-2021-41169 was published for sulu/sulu (Composer), Oct 22, 2021

Cross-site scripting vulnerability in TinyMCE
[Moderate] CVE-2024-21908 was published for TinyMCE (Composer), Oct 22, 2021

pterodactyl/panel CSRF allowing an external page to trigger a user logout event
[Low] CVE-2021-41176 was published for pterodactyl/panel (Composer), Oct 25, 2021

Cross-site scripting in forkcms
[Moderate] CVE-2020-23049 was published for forkcms/forkcms (Composer), Oct 25, 2021

Showdoc File Upload Vulnerability
[Critical] CVE-2021-41745 was published for showdoc/showdoc (Composer), Oct 25, 2021

Cross Site Scripting in Microweber
[Moderate] CVE-2021-33988 was published for microweber/microweber (Composer), Oct 25, 2021

ProTip! Advisories are also available from the GraphQL API.