Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,680
Maven
5,000+
npm
4,302
NuGet
760
pip
4,080
Pub
12
RubyGems
958
Rust
1,061
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,330 advisories

Loading
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via adminlog High
CVE-2023-1878 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
thorsten/phpmyfaq vulnerable to business logic errors High
CVE-2023-1887 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
G-Rath
Credited to G-Rath
thorsten/phpmyfaq vulnerable to DOM cross-site scripting (XSS) via configuration privacy note URL parameter High
CVE-2023-1882 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
Microweber vulnerable to stored cross-site scripting (XSS) via X-Forwarded-For header High
CVE-2023-1881 was published for microweber/microweber (Composer) Apr 5, 2023
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) in FAQ comment username parameter High
CVE-2023-1758 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via artlang parameter High
CVE-2023-1880 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
thorsten/phpmyfaq vulnerable to authentication bypass High
CVE-2023-1886 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
Uvdesk remote code execution vulnerability High
CVE-2023-0265 was published for uvdesk/community-skeleton (Composer) Apr 5, 2023
Appwrite Server-Side Request Forgery vulnerability High
CVE-2023-27159 was published for appwrite/server-ce (Composer) Mar 31, 2023
thorsten/phpmyfaq vulnerable privilege escalation from improper privilege management High
CVE-2023-1762 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
smarty Cross-site Scripting vulnerability in Javascript escaping High
CVE-2023-28447 was published for smarty/smarty (Composer) Mar 29, 2023
takaram
Credited to takaram
Magento Open Source allows XML Injection High
CVE-2023-22247 was published for magento/community-edition (Composer) Mar 27, 2023
NotrinosERP vulnerable to SQL Injection High
CVE-2023-24788 was published for notrinos/notrinos-erp (Composer) Mar 23, 2023
Moodle SQL Injection vulnerability High
CVE-2023-28329 was published for moodle/moodle (Composer) Mar 23, 2023
Moodle vulnerable to Cross-site Request Forgery High
CVE-2023-28335 was published for moodle/moodle (Composer) Mar 23, 2023
Teampass SQL Injection vulnerability High
CVE-2023-1545 was published for nilsteampassnet/teampass (Composer) Mar 21, 2023
Improper quoting of columns when calling methods "getByUuid" & "exists" on UUID Model High
CVE-2023-28108 was published for pimcore/pimcore (Composer) Mar 17, 2023
DDOS attack on graphql endpoints High
CVE-2023-28104 was published for silverstripe/graphql (Composer) Mar 16, 2023
GuySartorelli
Credited to GuySartorelli
Code Injection in alextselegidis/easyappointments High
CVE-2023-1367 was published for alextselegidis/easyappointments (Composer) Mar 13, 2023
Company admin role gives excessive privileges in eZ Platform Ibexa High
CVE-2022-48365 was published for ezsystems/ezplatform-kernel (Composer) Mar 12, 2023
cockpit-hq/cockpit is vulnerable to unrestricted file uploads High
CVE-2023-1313 was published for cockpit-hq/cockpit (Composer) Mar 10, 2023
Moodle vulnerable to Server-Side Request Forgery High
CVE-2021-36396 was published for moodle/moodle (Composer) Mar 6, 2023
Moodle vulnerable to Uncontrolled Resource Consumption High
CVE-2021-36395 was published for moodle/moodle (Composer) Mar 6, 2023
phpseclib Infinite Loop vulnerability High
CVE-2023-27560 was published for phpseclib/phpseclib (Composer) Mar 3, 2023
janedbal
Credited to janedbal
api-platform/core's secured properties may be accessible within collections High
CVE-2023-25575 was published for api-platform/core (Composer) Feb 28, 2023
Toflar soyuka
Credited to Toflar and soyuka
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database