Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

4,870 advisories

Loading
Accessibility Glossary (a21glossary) SQL injection vulnerability High
CVE-2009-4803 was published for svewap/a21glossary (Composer) May 2, 2022
TYPO3 PHP remote file inclusion vulnerability High
CVE-2010-1153 was published for typo3/cms (Composer) May 2, 2022
Formie has XSS vulnerability for email notification content for preview Moderate
CVE-2025-32426 was published for verbb/formie (Composer) Apr 11, 2025
Formie has XSS vulnerability for importing forms Moderate
CVE-2025-32427 was published for verbb/formie (Composer) Apr 11, 2025
Yii does not prevent XSS in scenarios where fallback error renderer is used Moderate
CVE-2025-32027 was published for yiisoft/yii (Composer) Apr 11, 2025
lgrewe
Silverstripe Framework has a XSS vulnerability in HTML editor Moderate
CVE-2025-30148 was published for silverstripe/framework (Composer) Apr 10, 2025
Silverstripe cross-site scripting (XSS) attack in elemental "Content blocks in use" report Moderate
CVE-2025-25197 was published for dnadesign/silverstripe-elemental (Composer) Apr 10, 2025
Silverstripe Framework user enumeration via timing attack on login and password reset forms Moderate
GHSA-256q-hx8w-xcqx was published for silverstripe/framework (Composer) Apr 10, 2025
RaspAP Vulnerable to Code Injection via an Unknown Process in File `includes/provider.php` Moderate
CVE-2024-2497 was published for billz/raspap-webgui (Composer) Mar 15, 2024
ibexa/fieldtype-richtext allows access to external entities in XML High
GHSA-cj3w-g42v-wcj6 was published for ibexa/fieldtype-richtext (Composer) Apr 10, 2025
ezsystems/ezplatform-richtext allows access to external entities in XML High
GHSA-2jqj-5qv2-xvcg was published for ezsystems/ezplatform-richtext (Composer) Apr 10, 2025
TYPO3 powermail Extension Vulnerable to SQL Injection via Unspecified Vectors High
CVE-2010-0329 was published for in2code/powermail (Composer) May 2, 2022
TYPO3 Simple Download-System with Counter and Categories Vulnerable to Information Disclosure Moderate
CVE-2009-4160 was published for jweiland/kk-downloader (Composer) May 2, 2022
TYPO3 Direct Mail Extension Vulnerable to Cross-Site Scripting (XSS) Low
CVE-2009-4159 was published for directmailteam/direct-mail (Composer) May 2, 2022
TYPO3 Install Tool Subcomponent Allows Access Using Only a Password's MD5 Hash as a Credential Moderate
CVE-2009-3635 was published for typo3/cms (Composer) May 2, 2022
freeCap CAPTCHA extension for TYPO3 has vulnerability in the session handling feature Moderate
CVE-2009-3818 was published for sjbr/sr-freecap (Composer) May 2, 2022
Frontend User Registration extension for TYPO3 does not properly verify access rights High
CVE-2009-1264 was published for sjbr/sr-feuser-register (Composer) May 2, 2022
TYPO3 leaks a hash secret in an error message Moderate
CVE-2009-0815 was published for typo3/cms (Composer) May 2, 2022
AdaptCMS SQL Injection vulnerability High
CVE-2008-4524 was published for adaptcms/adaptcms (Composer) May 2, 2022
typo3/cms-felogin Cross-site Scripting vulnerability Low
CVE-2008-5656 was published for typo3/cms-felogin (Composer) May 17, 2022
Joomla! doesn't configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs Moderate
CVE-2008-3228 was published for joomla/joomla-platform (Composer) May 1, 2022
Joomla! allows attackers to access cached pages Moderate
CVE-2008-3226 was published for joomla/joomla-platform (Composer) May 1, 2022
phpMyAdmin extension for TYPO3 has Cross-site Scripting vulnerability Moderate
CVE-2008-3032 was published for mehrwert/phpmyadmin (Composer) May 1, 2022
wallabag/wallabag Has Multiple Cross-Site Request Forgery (CSRF) Vulnerabilities Moderate
GHSA-5pm7-cp8f-p2c2 was published for wallabag/wallabag (Composer) Apr 9, 2025
yguedidi
Joomla Framework Database Package Vulnerable to SQL Injection Moderate
CVE-2025-25226 was published for joomla/database (Composer) Apr 8, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database