Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

4,870 advisories

Loading
CakePHP Database\\Query::offset() and limit() methods are vulnerable to SQL injection Critical
CVE-2023-22727 was published for cakephp/cakephp (Composer) Jan 20, 2023
ravage84
pimcore is vulnerable to cross-site scripting via "title field " in data objects Moderate
CVE-2023-0323 was published for pimcore/pimcore (Composer) Jan 20, 2023
phpMyFAQ Stored Cross-site Scripting vulnerability Moderate
CVE-2023-0313 was published for thorsten/phpmyfaq (Composer) Jan 16, 2023
phpMyFAQ Reflected Cross-site Scripting vulnerability Moderate
CVE-2023-0314 was published for thorsten/phpmyfaq (Composer) Jan 16, 2023
thorsten/phpmyfaq is vulnerable to cross-site scripting (XSS) Moderate
CVE-2023-0312 was published for thorsten/phpmyfaq (Composer) Jan 16, 2023
Froxlor is vulnerable to path traversal Moderate
CVE-2023-0316 was published for froxlor/froxlor (Composer) Jan 16, 2023
Flarum notifications can leak restricted content Moderate
CVE-2023-22488 was published for flarum/core (Composer) Jan 10, 2023
clarkwinkelmann
phpMyFAQ Stored Cross-site Scripting vulnerability Moderate
CVE-2023-0306 was published for thorsten/phpmyfaq (Composer) Jan 16, 2023
phpMyFAQ has Weak Password Requirements Moderate
CVE-2023-0307 was published for thorsten/phpmyfaq (Composer) Jan 16, 2023
phpMyFAQ Stored Cross-site Scripting vulnerability Moderate
CVE-2023-0308 was published for thorsten/phpmyfaq (Composer) Jan 16, 2023
phpMyFAQ Stored Cross-site Scripting vulnerability Moderate
CVE-2023-0309 was published for thorsten/phpmyfaq (Composer) Jan 16, 2023
phpMyFAQ Improper Authentication vulnerability Critical
CVE-2023-0311 was published for thorsten/phpmyfaq (Composer) Jan 16, 2023
phpMyFAQ Stored Cross-site Scripting vulnerability Moderate
CVE-2023-0310 was published for thorsten/phpmyfaq (Composer) Jan 16, 2023
CakePHP vulnerable to Cross-site Scripting in some development error pages Moderate
GHSA-xwhj-pqcg-8rcr was published for cakephp/cakephp (Composer) Jan 20, 2023
CakePHP vulnerable to Remote File Inclusion through View template name manipulation Moderate
GHSA-p76f-wr22-4rv6 was published for cakephp/cakephp (Composer) Jan 20, 2023
CakePHP allows direct access of prefixed controller actions Moderate
GHSA-6hg4-vp5q-47mw was published for cakephp/cakephp (Composer) Jan 20, 2023
CakePHP vulnerable to Denial of Service attack through XML payloads High
GHSA-q79m-c546-2g63 was published for cakephp/cakephp (Composer) Jan 20, 2023
CakePHP SecurityComponent cross form submission issue Moderate
GHSA-j9q2-f9q7-jhgq was published for cakephp/cakephp (Composer) Jan 20, 2023
Shopware has Improper Input Validation issue in newsletter subscription Moderate
CVE-2023-22734 was published for shopware/core (Composer) Jan 20, 2023
Shopware has Insufficient Session Expiration in Administration Low
CVE-2023-22732 was published for shopware/core (Composer) Jan 20, 2023
CakePHP has incorrect Cross-Site Request Forgery validation Moderate
GHSA-829q-v5g8-hhxc was published for cakephp/cakephp (Composer) Jan 20, 2023
Insufficient output escaping of attachment names in PHPMailer High
CVE-2020-13625 was published for phpmailer/phpmailer (Composer) May 27, 2020
PocketMine-MP vulnerable to denial-of-service by sending large modal form responses Moderate
GHSA-7m9r-rq9j-wmmh was published for pocketmine/pocketmine-mp (Composer) Jan 10, 2023
AkmalFairuz
Cross-site scripting from content entered in the tags and multiselect fields High
GHSA-rv3r-vqjj-8c76 was published for getkirby/cms (Composer) Aug 30, 2022
phpxmlrpc vulnerable to argument injection Moderate
GHSA-q7qq-9gx2-ggxv was published for phpxmlrpc/phpxmlrpc (Composer) Dec 2, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database