GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,121
NuGet
735
pip
3,942
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+
4,870 advisories
Filter by severity
SQL injection in jackalope/jackalope-doctrine-dbal
High
CVE-2021-43822
was published
for
jackalope/jackalope-doctrine-dbal
(Composer)
Dec 14, 2021
PHP file inclusion in the Sulu admin panel
High
CVE-2021-43836
was published
for
sulu/sulu
(Composer)
Dec 15, 2021
Privilege escalation in the Sulu Admin panel
High
CVE-2021-43835
was published
for
sulu/sulu
(Composer)
Dec 15, 2021
Dolibarr Cross Site Scripting (XSS) vulnerability
Moderate
CVE-2021-42220
was published
for
dolibarr/dolibarr
(Composer)
Dec 16, 2021
yetiforcecrm is vulnerable to Cross-site Scripting
Moderate
CVE-2021-4107
was published
for
yetiforce/yetiforce-crm
(Composer)
Dec 16, 2021
snipe-it is vulnerable to Cross-site Scripting
Moderate
CVE-2021-4108
was published
for
snipe/snipe-it
(Composer)
Dec 16, 2021
yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-4092
was published
for
yetiforce/yetiforce-crm
(Composer)
Dec 16, 2021
phpservermon is vulnerable to CRLF Injection
Moderate
CVE-2021-4097
was published
for
phpservermon/phpservermon
(Composer)
Dec 16, 2021
pimcore is vulnerable to Cross-site Scripting
Moderate
CVE-2021-4081
was published
for
pimcore/pimcore
(Composer)
Dec 16, 2021
pimcore is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-4082
was published
for
pimcore/pimcore
(Composer)
Dec 16, 2021
Cross-site Scripting in pimcore
Moderate
CVE-2021-4084
was published
for
pimcore/pimcore
(Composer)
Dec 16, 2021
snipe-it is vulnerable to Improper Access Control
Moderate
CVE-2021-4089
was published
for
snipe/snipe-it
(Composer)
Dec 16, 2021
Open Redirect in showdoc
Moderate
CVE-2021-4000
was published
for
showdoc/showdoc
(Composer)
Dec 16, 2021
Inability to de-op players if listed in ops.txt with non-lowercase letters
Low
GHSA-j5qg-w9jg-3wg3
was published
for
pocketmine/pocketmine-mp
(Composer)
Dec 16, 2021
BookStack is vulnerable to Improper Access Control.
Moderate
CVE-2021-4119
was published
for
ssddanbrown/bookstack
(Composer)
Dec 16, 2021
yetiforcecrm is vulnerable to Cross-site Scripting
Moderate
CVE-2021-4116
was published
for
yetiforce/yetiforce-crm
(Composer)
Dec 16, 2021
YetiForceCRM is vulnerable to Business Logic Errors in the weight of a product
Moderate
CVE-2021-4117
was published
for
yetiforce/yetiforce-crm
(Composer)
Dec 16, 2021
YetiForceCRM is vulnerable to Business Logic Errors because product amount can be a negative number
High
CVE-2021-4111
was published
for
yetiforce/yetiforce-crm
(Composer)
Dec 16, 2021
ThinkPHP5 SQL Injection vulnerability
Critical
CVE-2021-44350
was published
for
topthink/framework
(Composer)
Dec 17, 2021
yetiforcecrm is vulnerable to Cross-site Scripting
Moderate
CVE-2021-4121
was published
for
yetiforce/yetiforce-crm
(Composer)
Dec 17, 2021
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate
CVE-2021-4123
was published
for
remdex/livehelperchat
(Composer)
Dec 17, 2021
Cross site scripting in dolibarr
Moderate
CVE-2022-22293
was published
for
dolibarr/dolibarr
(Composer)
Jan 3, 2022
Cross-site Scripting in Anchor CMS
Moderate
CVE-2021-44116
was published
for
anchorcms/anchor-cms
(Composer)
Jan 5, 2022
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
High
CVE-2021-4130
was published
for
snipe/snipe-it
(Composer)
Jan 5, 2022
ProTip!
Advisories are also available from the
GraphQL API