GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,680
Maven: 5,000+
npm: 4,308
NuGet: 760
pip: 4,081
Pub: 12
RubyGems: 958
Rust: 1,061
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
2,869 advisories
Incorrect Access Control in ImpressCMS
Moderate | CVE-2021-26598 was published for impresscms/impresscms (Composer) | Mar 29, 2022

Cross-site Scripting in Parsedown
Moderate | CVE-2018-1000162 was published for erusev/parsedown (Composer) | Mar 30, 2022

Cross-site Scripting (XSS) within joomla/filter class
Moderate | CVE-2022-23800 was published for joomla/filter (Composer) | Mar 31, 2022

Path Disclosure within joomla/filesystem class
Moderate | CVE-2022-23794 was published for joomla/filesystem (Composer) | Mar 31, 2022

Improper Certificate Validation in node-sass affects eZ Platform
Moderate | GHSA-6v6p-g8cg-2hgg was published for ezsystems/ezplatform-admin-ui (Composer) | Apr 1, 2022

Cross-site Scripting in craftcms/cms
Moderate | CVE-2022-28378 was published for craftcms/cms (Composer) | Apr 4, 2022

Open redirect in wwbn/avideo
Moderate | CVE-2022-27463 was published for wwbn/avideo (Composer) | Apr 6, 2022

HTML Injection in Froxlor
Moderate | CVE-2020-29653 was published for froxlor/froxlor (Composer) | Apr 14, 2022

MantisBT vulnerable to XSS due to improper escape in manage_plugin_page.php and manage_plugin_uninstall.php
Moderate | CVE-2022-26144 was published for mantisbt/mantisbt (Composer) | Apr 14, 2022

Cross-site Scripting in Pimcore
Moderate | CVE-2022-1351 was published for pimcore/pimcore (Composer) | Apr 15, 2022

Cross-site Scripting in snipe-it
Moderate | CVE-2022-1380 was published for snipe/snipe-it (Composer) | Apr 17, 2022

Cross site scripting in safe-svg
Moderate | CVE-2022-1091 was published for darylldoyle/safe-svg (Composer) | Apr 19, 2022

TYPO3 is vulnerable to Cross-Site Scripting (XSS) on the backend
Moderate | CVE-2010-3660 was published for typo3/cms-backend (Composer) | Apr 21, 2022

TYPO3 Open Redirection vulnerability on the backend
Moderate | CVE-2010-3661 was published for typo3/cms-backend (Composer) | Apr 21, 2022

TYPO3 is vulnerable to Spam Abuse in the native form content element
Moderate | CVE-2010-3667 was published for typo3/cms-frontend (Composer) | Apr 21, 2022

TYPO3 is vulnerable to Insecure randomness in uniqid function
Moderate | CVE-2010-3666 was published for typo3/cms-install (Composer) | Apr 21, 2022

TYPO3 is vulnerable to Information Disclosure on the backend
Moderate | CVE-2010-3664 was published for typo3/cms-backend (Composer) | Apr 21, 2022

TYPO3 is vulnerable to insecure randomness during hash generation in forgot password function
Moderate | CVE-2010-3670 was published for typo3/cms-frontend (Composer) | Apr 21, 2022

TYPO3 is vulnerable to Session Fixation
Moderate | CVE-2010-3671 was published for typo3/cms-install (Composer) | Apr 21, 2022

TYPO3 vulnerable to Cross-Site Scripting in the textarea view helper
Moderate | CVE-2010-3672 was published for typo3/cms-fluid (Composer) | Apr 21, 2022

TYPO3 is vulnerable to Information Disclosure in the HTML mailing API
Moderate | CVE-2010-3673 was published for typo3/cms-core (Composer) | Apr 21, 2022

Typo3 Information Disclosure
Moderate | CVE-2011-4627 was published for typo3/cms (Composer) | Apr 22, 2022

Typo3 Information Disclosure
Moderate | CVE-2011-4900 was published for typo3/cms (Composer) | Apr 22, 2022

Typo3 XSS Vulnerabilities
Moderate | CVE-2011-4632 was published for typo3/cms (Composer) | Apr 22, 2022

Typo3 Arbitrary File Delete
Moderate | CVE-2011-4902 was published for typo3/cms (Composer) | Apr 22, 2022
ProTip! Advisories are also available from the GraphQL API.