GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

137,177 advisories

Shopware has Improper Input Validation issue in newsletter subscription Moderate
CVE-2023-22734 was published for shopware/core (Composer) Jan 20, 2023
CakePHP SecurityComponent cross form submission issue Moderate
GHSA-j9q2-f9q7-jhgq was published for cakephp/cakephp (Composer) Jan 20, 2023
CakePHP allows direct access of prefixed controller actions Moderate
GHSA-6hg4-vp5q-47mw was published for cakephp/cakephp (Composer) Jan 20, 2023
CakePHP vulnerable to Remote File Inclusion through View template name manipulation Moderate
GHSA-p76f-wr22-4rv6 was published for cakephp/cakephp (Composer) Jan 20, 2023
mel-spintax has Inefficient Regular Expression Complexity Moderate
CVE-2018-25077 was published for mel-spintax (npm) Jan 18, 2023
CakePHP vulnerable to Cross-site Scripting in some development error pages Moderate
GHSA-xwhj-pqcg-8rcr was published for cakephp/cakephp (Composer) Jan 20, 2023
Fat Free CRM contains Cross-site Request Forgery vulnerabilities Moderate
CVE-2013-7223 was published for fat_free_crm (RubyGems) May 17, 2022
Fat Free CRM allows remote attackers to obtain sensitive information via a direct request Moderate
CVE-2013-7224 was published for fat_free_crm (RubyGems) May 17, 2022
Fat Free CRM vulnerable to SQL Injection Moderate
CVE-2013-7225 was published for fat_free_crm (RubyGems) May 17, 2022
Fat Free CRM vulnerable to Exposure of Sensitive Information Moderate
CVE-2013-7249 was published for fat_free_crm (RubyGems) May 17, 2022
Fat Free CRM subject to Cross-site Scripting Moderate
CVE-2014-5441 was published for fat_free_crm (RubyGems) May 17, 2022
uap-core Regular Expression Denial of Service issue Moderate
CVE-2018-20164 was published for uap-core (npm) Mar 6, 2019
Loofah Cross-site Scripting vulnerability Moderate
CVE-2018-16468 was published for loofah (RubyGems) Nov 1, 2018
private_address_check vulnerable to bypass of Resolv.getaddresses method Moderate
CVE-2017-0904 was published for private_address_check (RubyGems) Nov 29, 2017
There is an infoleak vulnerability in the Linux kernel's net/bluetooth/l2cap_core.c's... Moderate Unreviewed
CVE-2022-42895 was published Nov 23, 2022
Keycloak has lack of validation of access token on client registrations endpoint Moderate
CVE-2023-0091 was published for org.keycloak:keycloak-core (Maven) Jan 12, 2023
Publify Core does not strip metadata from images Moderate
CVE-2022-2815 was published for publify_core (RubyGems) Jan 14, 2023
phpMyFAQ Stored Cross-site Scripting vulnerability Moderate
CVE-2023-0310 was published for thorsten/phpmyfaq (Composer) Jan 16, 2023
phpMyFAQ Stored Cross-site Scripting vulnerability Moderate
CVE-2023-0309 was published for thorsten/phpmyfaq (Composer) Jan 16, 2023
phpMyFAQ Stored Cross-site Scripting vulnerability Moderate
CVE-2023-0308 was published for thorsten/phpmyfaq (Composer) Jan 16, 2023
phpMyFAQ has Weak Password Requirements Moderate
CVE-2023-0307 was published for thorsten/phpmyfaq (Composer) Jan 16, 2023
phpMyFAQ Stored Cross-site Scripting vulnerability Moderate
CVE-2023-0306 was published for thorsten/phpmyfaq (Composer) Jan 16, 2023
Flarum notifications can leak restricted content Moderate
CVE-2023-22488 was published for flarum/core (Composer) Jan 10, 2023
clarkwinkelmann
git2-rs fails to verify SSH keys by default Moderate
GHSA-m4ch-rfv5-x5g3 was published for git2 (Rust) Jan 20, 2023