GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,886 advisories
CakePHP directory traversal vulnerability allows remote attackers to read arbitrary files
Moderate | CVE-2006-5031 was published for cakephp/cakephp (Composer) | May 1, 2022

HTML Purifier Cross-site Scripting vulnerability
Moderate | CVE-2007-3498 was published for ezyang/htmlpurifier (Composer) | May 1, 2022

Joomla! vulnerable to CRLF injection
Moderate | CVE-2007-4190 was published for joomla/application (Composer) | May 1, 2022

Moodle vulnerable to Cross-site scripting
Moderate | CVE-2008-1502 was published for moodle/moodle (Composer) | May 1, 2022

TYPO3 Unrestricted File Upload vulnerability
Moderate | CVE-2008-2717 was published for typo3/cms-core (Composer) | May 1, 2022

phpMyAdmin extension for TYPO3 has Cross-site Scripting vulnerability
Moderate | CVE-2008-3032 was published for mehrwert/phpmyadmin (Composer) | May 1, 2022

Joomla! allows attackers to access cached pages
Moderate | CVE-2008-3226 was published for joomla/joomla-platform (Composer) | May 1, 2022

Drupal vulnerable to Cross-site Scripting
Moderate | CVE-2008-3218 was published for drupal/drupal (Composer) | May 1, 2022

Joomla! doesn't configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs
Moderate | CVE-2008-3228 was published for joomla/joomla-platform (Composer) | May 1, 2022

Joomla! Open Redirect vulnerability
Moderate | CVE-2008-4104 was published for joomla/framework (Composer) | May 2, 2022

TYPO3 leaks a hash secret in an error message
Moderate | CVE-2009-0815 was published for typo3/cms (Composer) | May 2, 2022

Typo3 Backend XSS Vulnerability
Moderate | CVE-2009-0816 was published for typo3/cms (Composer) | May 2, 2022

TYPO3 Backend vulnerable to Frame Hijacking
Moderate | CVE-2009-3630 was published for typo3/cms-backend (Composer) | May 2, 2022

TYPO3 Backend Discloses Encryption Key
Moderate | CVE-2009-3628 was published for typo3/cms-backend (Composer) | May 2, 2022

TYPO3 API function vulnerable to Cross-site Scripting
Moderate | CVE-2009-3633 was published for typo3/cms-core (Composer) | May 2, 2022

Typo3 API Install Tool vulnerable to Cross-site Scripting
Moderate | CVE-2009-3636 was published for typo3/cms-install (Composer) | May 2, 2022

TYPO3 Install Tool Subcomponent Allows Access Using Only a Password's MD5 Hash as a Credential
Moderate | CVE-2009-3635 was published for typo3/cms (Composer) | May 2, 2022

phpMyAdmin Cross-site Scripting In MySQL Table Name
Moderate | CVE-2009-3696 was published for phpmyadmin/phpmyadmin (Composer) | May 2, 2022

freeCap CAPTCHA extension for TYPO3 has vulnerability in the session handling feature
Moderate | CVE-2009-3818 was published for sjbr/sr-freecap (Composer) | May 2, 2022

Apache Solr Search for TYPO3 vulnerable to Cross-site Scripting
Moderate | CVE-2009-3821 was published for apache-solr-for-typo3/solr (Composer) | May 2, 2022

TYPO3 Simple Download-System with Counter and Categories Vulnerable to Information Disclosure
Moderate | CVE-2009-4160 was published for jweiland/kk-downloader (Composer) | May 2, 2022

Smarty Does Not Consider Umask Values When Setting Permissions
Moderate | CVE-2009-5054 was published for smarty/smarty (Composer) | May 2, 2022

SCart is vulnerable to cross-site scripting (XSS)
Moderate | CVE-2022-21149 was published for s-cart/core (Composer) | May 3, 2022

Cross-site Scripting in Microweber
Moderate | CVE-2022-1584 was published for microweber/microweber (Composer) | May 5, 2022

MantisBT vulnerable to XSS via unescaped output in browser_search_plugin.php
Moderate | CVE-2022-28508 was published for mantisbt/mantisbt (Composer) | May 5, 2022
ProTip! Advisories are also available from the GraphQL API.