GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,883 advisories
Microweber vulnerable to cross-site scripting (XSS)
Moderate | CVE-2022-1555 was published for microweber/microweber (Composer) | May 5, 2022

Cross-site Scripting in FacturaScripts
Moderate | CVE-2022-1571 was published for facturascripts/facturascripts (Composer) | May 5, 2022

Symfony Host Header Injection vulnerability in the HttpFoundation component
Moderate | CVE-2013-4752 was published for symfony/http-foundation (Composer) | May 5, 2022

PrestaShop Stored Cross-Site Scripting Vulnerability
Moderate | CVE-2013-4791 was published for prestashop/prestashop (Composer) | May 5, 2022

Unrestricted Upload of File with Dangerous Type in yetiforce-crm
Moderate | CVE-2022-1411 was published for yetiforce/yetiforce-crm (Composer) | May 6, 2022

Improper Access Control in wp-graphql
Moderate | CVE-2019-25060 was published for wp-graphql/wp-graphql (Composer) | May 10, 2022

Cross-site Scripting in facturascripts
Moderate | CVE-2022-1682 was published for facturascripts/facturascripts (Composer) | May 13, 2022

TYPO3 femanager extension allows remote frontend users to modify or delete records of other frontend users
Moderate | CVE-2014-6292 was published for in2code/femanager (Composer) | May 13, 2022

Moodle XSS Vulnerability
Moderate | CVE-2019-3810 was published for moodle/moodle (Composer) | May 13, 2022

Moodle XSS Vulnerability
Moderate | CVE-2019-3847 was published for moodle/moodle (Composer) | May 13, 2022

Moodle Logged in users could view all calendar events
Moderate | CVE-2019-3848 was published for moodle/moodle (Composer) | May 13, 2022

MantisBT XSS allows unsanitized input via admin/install.php
Moderate | CVE-2017-12061 was published for mantisbt/mantisbt (Composer) | May 13, 2022

Moodle Authenticated Spelling Binary Remote Code Execution
Moderate | CVE-2013-3630 was published for moodle/moodle (Composer) | May 13, 2022

Symfony HTTP Foundation web cache poisoning
Moderate | CVE-2018-14773 was published for symfony/http-foundation (Composer) | May 13, 2022

Sensitive Data Exposure in elFinder
Moderate | CVE-2019-5884 was published for studio-42/elfinder (Composer) | May 13, 2022

Pi Cross-site Scripting vulnerability
Moderate | CVE-2017-7251 was published for pi/pi (Composer) | May 13, 2022

HTML Purifier cross-site scripting (XSS) vulnerability
Moderate | CVE-2010-4183 was published for ezyang/htmlpurifier (Composer) | May 13, 2022

Bootstrap vulnerable to Cross-Site Scripting (XSS)
Moderate | CVE-2018-14040 was published for bootstrap (RubyGems) | May 13, 2022

Concrete CMS vulnerable to cross-site scripting (XSS)
Moderate | CVE-2017-7725 was published for concrete5/concrete5 (Composer) | May 13, 2022

BaserCMS privilege escalation
Moderate | CVE-2011-2674 was published for baserproject/basercms (Composer) | May 13, 2022

baserCMS Access Control Bypass
Moderate | CVE-2015-5640 was published for baserproject/basercms (Composer) | May 13, 2022

Securimage HTML Injection
Moderate | CVE-2017-14077 was published for dapphp/securimage (Composer) | May 13, 2022

INTER-Mediator Cross-Site Scripting (XSS)
Moderate | CVE-2017-6484 was published for inter-mediator/inter-mediator (Composer) | May 13, 2022

Bolt Improper Access Control
Moderate | CVE-2017-16754 was published for bolt/bolt (Composer) | May 13, 2022

Moodle Improper Access Control
Moderate | CVE-2016-3729 was published for moodle/moodle (Composer) | May 13, 2022