GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,886 advisories
HTML injection possibility in voucher code form in Shopware
Moderate • CVE-2022-24746 was published for shopware/core (Composer) • Mar 10, 2022
Froxlor contains Business Logic Errors
Moderate • CVE-2023-0565 was published for froxlor/froxlor (Composer) • Jan 30, 2023
Froxlor contains Static Code Injection
Moderate • CVE-2023-0566 was published for froxlor/froxlor (Composer) • Jan 30, 2023
magento-lts Reset Password not protected against well-timed CSRF
Moderate • CVE-2021-21395 was published for openmage/magento-lts (Composer) • Jan 26, 2023
Froxlor contains Unchecked Error Condition
Moderate • CVE-2023-0572 was published for froxlor/froxlor (Composer) • Jan 30, 2023
Withdrawn: wallabag subject to Improper Authorization via annotations
Moderate • GHSA-xrw3-wqph-3fxg was published for wallabag/wallabag (Composer) • Feb 1, 2023 • withdrawn
Microweber contains Cross-site Scripting
Moderate • CVE-2023-0608 was published for microweber/microweber (Composer) • Feb 1, 2023
Withdrawn: wallabag subject to Improper Authorization
Moderate • GHSA-h45f-rjvw-2rv2 was published for wallabag/wallabag (Composer) • Feb 1, 2023 • withdrawn
Pimcore contains Unrestricted Upload of File with Dangerous Type
Moderate • CVE-2023-23937 was published for pimcore/pimcore (Composer) • Feb 2, 2023
Cross-site Scripting in LimeSurvey
Moderate • CVE-2019-16173 was published for limesurvey/limesurvey (Composer) • May 24, 2022
Cross-site Scripting in LimeSurvey
Moderate • CVE-2019-16172 was published for limesurvey/limesurvey (Composer) • May 24, 2022
Cross Site Scripting (XSS) in Model\DataObject\Data\UrlSlug
Moderate • GHSA-76r7-h46w-463r was published for pimcore/pimcore (Composer) • Feb 15, 2023
Cross-site Scripting (XSS) in wallabag/wallabag
Moderate • CVE-2023-0736 was published for wallabag/wallabag (Composer) • Feb 8, 2023
Cross-Site Request Forgery (CSRF) in wallabag/wallabag
Moderate • CVE-2023-0735 was published for wallabag/wallabag (Composer) • Feb 8, 2023
Microweber Cross-site Scripting vulnerability
Moderate • CVE-2021-32856 was published for microweber/microweber (Composer) • Feb 21, 2023
Cross-site Scripting in pimcore
Moderate • CVE-2023-0827 was published for pimcore/pimcore (Composer) • Feb 14, 2023
Improper Restriction of Rendered UI Layers or Frames in cockpit-hq/cockpit
Moderate • CVE-2023-0780 was published for cockpit-hq/cockpit (Composer) • Feb 11, 2023
Cross-site Scripting in thorsten/phpmyfaq
Moderate • CVE-2023-0786 was published for thorsten/phpmyfaq (Composer) • Feb 12, 2023
Cross-site Scripting in thorsten/phpmyfaq
Moderate • CVE-2023-0787 was published for thorsten/phpmyfaq (Composer) • Feb 12, 2023
Code Injection in thorsten/phpmyfaq
Moderate • CVE-2023-0792 was published for thorsten/phpmyfaq (Composer) • Feb 12, 2023
wallabag contains Improper Authorization via export feature
Moderate • CVE-2023-0609 was published for wallabag/wallabag (Composer) • Feb 2, 2023
Misinterpretation of Input in thorsten/phpmyfaq
Moderate • CVE-2023-0880 was published for thorsten/phpmyfaq (Composer) • Feb 17, 2023
Pixelfed allows user enumeration via reset password functionality
Moderate • CVE-2023-0901 was published for pixelfed/pixelfed (Composer) • Feb 18, 2023
Pixelfed may allow unauthorized actor to view private posts
Moderate • CVE-2023-0914 was published for pixelfed/pixelfed (Composer) • Feb 19, 2023
Pimcore vulnerable to Cross-site Scripting
Moderate • CVE-2023-1067 was published for pimcore/pimcore (Composer) • Feb 27, 2023
ProTip! Advisories are also available from the GraphQL API.