GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4,870 advisories

Centreon SQL Injection vulnerability via esc_name parameter High
CVE-2022-40043 was published for centreon/centreon (Composer) Sep 27, 2022
TYPO3 HTML Sanitizer vulnerable to Cross-Site Scripting Moderate
CVE-2022-23499 was published for typo3/cms (Composer) Dec 13, 2022
leeN
Centreon contains cross-site scripting vulnerability via esc_name parameter Moderate
CVE-2022-40044 was published for centreon/centreon (Composer) Sep 27, 2022
Cross-site scripting from dynamic options in the multiselect field Moderate
CVE-2022-36037 was published for getkirby/cms (Composer) Aug 29, 2022
Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2021-32716 was published for shopware/platform (Composer) Sep 8, 2021
CodeIgniter4 Potential Session Handlers Vulnerability High
CVE-2022-46170 was published for codeigniter4/framework (Composer) Dec 22, 2022
srtnlgn
Inadequate Encryption Strength in showdoc Moderate
CVE-2021-3680 was published for showdoc/showdoc (Composer) Sep 1, 2021
Insufficient Session Expiration in snipe/snipe-it Moderate
CVE-2022-2997 was published for snipe/snipe-it (Composer) Aug 26, 2022
Exposure of Sensitive Information to an Unauthorized Actor High
CVE-2021-32717 was published for shopware/platform (Composer) Sep 8, 2021
Command injection in mail agent settings High
CVE-2021-37708 was published for shopware/core (Composer) Aug 30, 2021
Froxlor vulnerable to code injection Moderate
CVE-2022-3869 was published for froxlor/froxlor (Composer) Nov 5, 2022
Reflected Cross-site Scripting in Shopware storefront Moderate
CVE-2022-24873 was published for shopware/shopware (Composer) Apr 28, 2022
Cross-site Scripting in microweber Moderate
CVE-2022-1504 was published for microweber/microweber (Composer) Apr 28, 2022
Stored cross site scripting in getgrav/grav Moderate
CVE-2022-1173 was published for getgrav/grav (Composer) Apr 27, 2022
Multiple valid tokens for password reset in Shopware Moderate
CVE-2022-24892 was published for shopware/shopware (Composer) Apr 28, 2022
Cross site scripting in FacturaScripts Critical
CVE-2022-1514 was published for facturascripts/facturascripts (Composer) Apr 29, 2022
Malfunction of CSRF token validation in Shopware High
CVE-2022-24879 was published for shopware/shopware (Composer) Apr 28, 2022
Diactoros before 2.11.1 vulnerable to HTTP Host Header Attack Moderate
CVE-2022-31109 was published for laminas/laminas-diactoros (Composer) Jul 27, 2022
MaximilianKresse
Kirby CMS vulnerable to user enumeration in the code-based login and password reset forms Moderate
CVE-2022-39314 was published for getkirby/cms (Composer) Oct 18, 2022
florianmrz
bookstack is vulnerable to Improper Access Control Moderate
CVE-2021-4026 was published for ssddanbrown/bookstack (Composer) Dec 1, 2021
YetiForceCRM is vulnerable to Business Logic Errors in the weight of a product Moderate
CVE-2021-4117 was published for yetiforce/yetiforce-crm (Composer) Dec 16, 2021
kimai2 is vulnerable to Improper Access Control Moderate
CVE-2021-3992 was published for kevinpapst/kimai2 (Composer) Dec 3, 2021
YetiForceCRM is vulnerable to Business Logic Errors because product amount can be a negative number High
CVE-2021-4111 was published for yetiforce/yetiforce-crm (Composer) Dec 16, 2021
October/System authenticated file write leads to remote code execution High
CVE-2021-32649 was published for october/system (Composer) Jan 14, 2022
cydave
october/system arbitrary code execution High
CVE-2021-32650 was published for october/system (Composer) Jan 14, 2022
sushiwushi