Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,121
NuGet
735
pip
3,942
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,290 advisories

Loading
CraftCMS allows remote attacker to execute arbitrary code via crafted script to Section parameter High
CVE-2023-30130 was published for craftcms/cms (Composer) May 12, 2023
Embedding untrusted input inside CSV files leads to Formula Injection/CSV Injection High
CVE-2023-2629 was published for pimcore/customer-management-framework-bundle (Composer) May 11, 2023
sampritdas8
teampass vulnerable to code injection High
CVE-2023-2591 was published for nilsteampassnet/teampass (Composer) May 9, 2023
Cross Site Scripting in thorsten/phpmyfaq High
CVE-2023-2550 was published for thorsten/phpmyfaq (Composer) May 5, 2023
Moodle SQL Injection vulnerability High
CVE-2023-30944 was published for moodle/moodle (Composer) May 2, 2023
WWBN/AVideo stored XSS vulnerability leads to takeover of any user's account, including admin's account High
CVE-2023-30860 was published for wwbn/avideo (Composer) May 1, 2023
gonzxph
Remote code injection in wwbn/avideo High
CVE-2023-30854 was published for wwbn/avideo (Composer) Apr 27, 2023
jmrcsnchz
SQL Injection in AssetController High
CVE-2023-2338 was published for pimcore/pimcore (Composer) Apr 27, 2023
rekter0
SQL Injection in Admin Translations API High
CVE-2023-30850 was published for pimcore/pimcore (Composer) Apr 27, 2023
SQL Injection in Translation Export API High
CVE-2023-30849 was published for pimcore/pimcore (Composer) Apr 27, 2023
SQL Injection in Admin Search Find API High
CVE-2023-30848 was published for pimcore/pimcore (Composer) Apr 27, 2023
Cross site scripting (XSS) in wwbn/avideo High
GHSA-2fch-hv74-fgw9 was published for wwbn/avideo (Composer) Apr 26, 2023
gonzxph
Path traversal vulnerability in the file manager High
CVE-2023-29200 was published for contao/contao (Composer) Apr 26, 2023
Arbitrary file read via SQL injection High
CVE-2023-30545 was published for prestashop/prestashop (Composer) Apr 26, 2023
truff77
Improper input validation in Drupal core High
CVE-2022-25273 was published for drupal/core (Composer) Apr 26, 2023
Possible XSS injection through Validate::isCleanHTML method High
CVE-2023-30838 was published for prestashop/prestashop (Composer) Apr 25, 2023
touchweb-vincent
HTTP Multiline Header Termination High
CVE-2023-29530 was published for laminas/laminas-diactoros (Composer) Apr 24, 2023
GrahamCampbell TimWolla
Improper Privilege Management in microweber High
CVE-2023-2240 was published for microweber/microweber (Composer) Apr 22, 2023
Improper Control of Generation of Code in Twig rendered views High
CVE-2023-2017 was published for shopware/core (Composer) Apr 18, 2023
Creastery
yuan1994 tpAdmin Unrestricted Upload of File with Dangerous Type vulnerability High
CVE-2023-1970 was published for yuan1994/tpadmin (Composer) Apr 10, 2023
Microweber vulnerable to stored cross-site scripting (XSS) via X-Forwarded-For header High
CVE-2023-1881 was published for microweber/microweber (Composer) Apr 5, 2023
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) in FAQ comment username parameter High
CVE-2023-1758 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via artlang parameter High
CVE-2023-1880 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via adminlog High
CVE-2023-1878 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
thorsten/phpmyfaq vulnerable to authentication bypass High
CVE-2023-1886 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database