Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,290 advisories

Loading
CodeIgniter4 Potential Session Handlers Vulnerability High
CVE-2022-46170 was published for codeigniter4/framework (Composer) Dec 22, 2022
srtnlgn
CodeIgniter4 allows spoofing of IP address when using proxy High
CVE-2022-23556 was published for codeigniter4/framework (Composer) Dec 22, 2022
"Newsletter subscriber management" (fp_newsletter) TYPO3 extension leaks subscriber data High
CVE-2022-47410 was published for fixpunkt/fp-newsletter (Composer) Dec 14, 2022
"Newsletter subscriber management" (fp_newsletter) TYPO3 extension leaks subscriber data High
CVE-2022-47411 was published for fixpunkt/fp-newsletter (Composer) Dec 14, 2022
TYPO3 CMS vulnerable to Arbitrary Code Execution via Form Framework High
CVE-2022-23503 was published for typo3/cms (Composer) Dec 13, 2022
phpMyFAQ has insecure HTTP cookies High
CVE-2022-4409 was published for thorsten/phpmyfaq (Composer) Dec 11, 2022
Akeneo PIM Community Edition vulnerable to remote php code execution High
CVE-2022-46157 was published for akeneo/pim-community-dev (Composer) Dec 9, 2022
Thinkphp has a code logic error High
CVE-2022-44289 was published for topthink/framework (Composer) Dec 6, 2022
Withdrawn: ConcreteCMS vulnerable to Xpath injection attacks High
CVE-2022-46464 was published for concrete5/concrete5 (Composer) Dec 6, 2022 withdrawn
LisaCISO
Craft CMS discloses password hashes High
CVE-2022-37783 was published for craftcms/cms (Composer) Dec 5, 2022
ThinkCMF Cross Site Request Forgery (CSRF) vulnerability High
CVE-2022-40489 was published for thinkcmf/thinkcmf (Composer) Dec 1, 2022
code injection in phpxmlrpc/phpxmlrpc High
GHSA-3fgr-xjr6-xqm8 was published for phpxmlrpc/phpxmlrpc (Composer) Nov 28, 2022
tdunlap607
Browsershot does not validate URL protocols passed to Browsershot URL method High
CVE-2022-41706 was published for spatie/browsershot (Composer) Nov 25, 2022
tdunlap607
Account Takeover Through Password Reset Poisoning High
CVE-2022-33012 was published for microweber/microweber (Composer) Nov 22, 2022
Blind SQL Injection via GridFieldSortableHeader High
CVE-2022-38148 was published for silverstripe/framework (Composer) Nov 22, 2022
Prevent RCE when deserializing untrusted user input High
CVE-2022-41922 was published for yiisoft/yii (Composer) Nov 21, 2022
fi3wey
Cross-site Scripting in librenms/librenms High
CVE-2022-4068 was published for librenms/librenms (Composer) Nov 20, 2022
Deserialization of Untrusted Data in librenms/librenms High
CVE-2022-3525 was published for librenms/librenms (Composer) Nov 20, 2022
Concrete CMS vulnerable to Cross-site Request Forgery High
CVE-2022-43693 was published for concrete5/concrete5 (Composer) Nov 14, 2022
ezplatform-graphql GraphQL queries can expose password hashes High
CVE-2022-41876 was published for ezsystems/ezplatform-graphql (Composer) Nov 10, 2022
tranca
phpCAS vulnerable to Service Hostname Discovery Exploitation High
CVE-2022-39369 was published for apereo/phpcas (Composer) Nov 1, 2022
Duplicate Advisory: Cross-Site Request Forgery in easyii CMS High
CVE-2022-3772 was published for noumo/easyii (Composer) Oct 31, 2022 withdrawn
Prototype pollution in Snowboard framework High
CVE-2022-39357 was published for wintercms/winter (Composer) Oct 27, 2022
Magento Improper input validation vulnerability High
CVE-2022-42344 was published for magento/community-edition (Composer) Oct 20, 2022
phpMyFAQ vulnerable to Cross-site Scripting High
CVE-2022-3608 was published for phpmyfaq/phpmyfaq (Composer) Oct 19, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database