GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,883 advisories
Typo3 Improper Access Control (Moderate): CVE-2011-4904 was published for typo3/cms (Composer), Apr 22, 2022
Typo3 Arbitrary Information Disclosure (Moderate): CVE-2011-4901 was published for typo3/cms (Composer), Apr 22, 2022
Typo3 XSS in RemoveXSS function (Moderate): CVE-2011-4903 was published for typo3/cms (Composer), Apr 22, 2022
Elgg Reflected XSS Vulnerability (Moderate): CVE-2011-2935 was published for elgg/elgg (Composer), Apr 22, 2022
Drupal Cross-Site Scripting vulnerability (Moderate): CVE-2011-2714 was published for drupal/core (Composer), Apr 22, 2022
bbPress Cross-site Scripting (XSS) vulnerability (Moderate): CVE-2011-1150 was published for bbpress/bbpress (Composer), Apr 22, 2022
Cross-site Scripting in Microweber (Moderate): CVE-2022-1439 was published for microweber/microweber (Composer), Apr 23, 2022
Moodle default permissions too permissive (Moderate): CVE-2012-1157 was published for moodle/moodle (Composer), Apr 23, 2022
Moodle included private user files in course backups (Moderate): CVE-2012-1159 was published for moodle/moodle (Composer), Apr 23, 2022
PrestaShop XSS Vulnerability (Moderate): CVE-2012-20001 was published for prestashop/prestashop (Composer), Apr 23, 2022
Stored cross-site scripting in Snipe-IT (Moderate): CVE-2022-1445 was published for snipe/snipe-it (Composer), Apr 25, 2022
Stored cross site scripting in getgrav/grav (Moderate): CVE-2022-1173 was published for getgrav/grav (Composer), Apr 27, 2022
Cross-site Scripting in microweber (Moderate): CVE-2022-1504 was published for microweber/microweber (Composer), Apr 28, 2022
Reflected Cross-site Scripting in Shopware storefront (Moderate): CVE-2022-24873 was published for shopware/shopware (Composer), Apr 28, 2022
Multiple valid tokens for password reset in Shopware (Moderate): CVE-2022-24892 was published for shopware/shopware (Composer), Apr 28, 2022
Improper Access Control in snipe/snipe-it (Moderate): CVE-2022-1511 was published for snipe/snipe-it (Composer), Apr 29, 2022
Missing authorization in Moodle (Moderate): CVE-2022-0984 was published for moodle/moodle (Composer), Apr 30, 2022
Subrion CMS Cross-site Scripting (XSS) vulnerability in the `contact us` plugin (Moderate): CVE-2021-41948 was published for intelliants/subrion (Composer), Apr 30, 2022
Improper Authentication in moodle (Moderate): CVE-2022-0985 was published for moodle/moodle (Composer), Apr 30, 2022
An attacker can execute malicious javascript in Live Helper Chat (Moderate): CVE-2022-1530 was published for remdex/livehelperchat (Composer), Apr 30, 2022
phpMyAdmin CRLF Injection Vulnerability (Moderate): CVE-2005-3621 was published for phpmyadmin/phpmyadmin (Composer), May 1, 2022
phpSysInfo allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence (Moderate): CVE-2006-3360 was published for phpsysinfo/phpsysinfo (Composer), May 1, 2022
Cross-site scripting (XSS) vulnerability in CakePHP (Moderate): CVE-2006-4067 was published for cakephp/cakephp (Composer), May 1, 2022
Moodle does not properly validate module instance id (Moderate): CVE-2006-4936 was published for moodle/moodle (Composer), May 1, 2022
ProTip! Advisories are also available from the GraphQL API.