GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4,870 advisories

Weak Password Requirements in Daybyday CRM High
CVE-2022-22110 was published for bottelet/flarepoint (Composer) Jan 8, 2022
Missing Authorization in DayByDay CRM Moderate
CVE-2022-22108 was published for bottelet/flarepoint (Composer) Jan 8, 2022
Missing Authorization in DayByDay CRM Moderate
CVE-2022-22107 was published for bottelet/flarepoint (Composer) Jan 8, 2022
Cross-site Scripting in DayByDay CRM Moderate
CVE-2022-22109 was published for bottelet/flarepoint (Composer) Jan 8, 2022
bookstack is vulnerable to Improper Access Control Moderate
CVE-2021-4194 was published for ssddanbrown/bookstack (Composer) Jan 8, 2022
XSS vulnerability in translations Moderate
GHSA-rrgw-3hg3-9x8c was published for oro/platform (Composer) Jan 12, 2022
Sandbox Escape by math function in smarty High
CVE-2021-29454 was published for smarty/smarty (Composer) Jan 12, 2022
Access to restricted PHP code by dynamic static class access in smarty High
CVE-2021-21408 was published for smarty/smarty (Composer) Jan 12, 2022
Logic error in dolibarr Moderate
CVE-2022-0174 was published for dolibarr/dolibarr (Composer) Jan 12, 2022
Unchecked validity of Facing values in PlayerActionPacket High
GHSA-xh99-hw7h-wf63 was published for pocketmine/pocketmine-mp (Composer) Jan 13, 2022
October/System authenticated file write leads to remote code execution High
CVE-2021-32649 was published for october/system (Composer) Jan 14, 2022
cydave
october/system arbitrary code execution High
CVE-2021-32650 was published for october/system (Composer) Jan 14, 2022
sushiwushi
Code Injection in microweber High
CVE-2022-0282 was published for microweber/microweber (Composer) Jan 21, 2022
Microweber Incorrect Permission Assignment for Critical Resource vulnerability Moderate
CVE-2022-0277 was published for microweber/microweber (Composer) Jan 21, 2022
Exposure of Sensitive Information to an Unauthorized Actor in microweber High
CVE-2022-0281 was published for microweber/microweber (Composer) Jan 21, 2022
Cross-site Scripting in microweber Moderate
CVE-2022-0278 was published for microweber/microweber (Composer) Jan 21, 2022
Cross-site Scripting in pimcore Moderate
CVE-2022-0285 was published for pimcore/pimcore (Composer) Jan 21, 2022
Insufficient Session Expiration in Pterodactyl API Moderate
GHSA-7v3x-h7r2-34jv was published for pterodactyl/panel (Composer) Jan 21, 2022
EgoMaw
Authorization Bypass Through User-Controlled Key in LiveHelperChat Moderate
CVE-2022-0266 was published for remdex/livehelperchat (Composer) Jan 21, 2022
Unhandled exception when decoding form response JSON High
GHSA-wjfq-88q2-r34j was published for pocketmine/pocketmine-mp (Composer) Jan 21, 2022
Impersonation of other users (passing XBOX Live authentication) by theft of logins in PocketMine-MP Moderate
GHSA-h79x-98r2-g6qc was published for pocketmine/pocketmine-mp (Composer) Jan 21, 2022
IBX-1392: Image filenames sanitization High
GHSA-44m4-9cjp-j587 was published for ezsystems/ezpublish-kernel (Composer) Jan 21, 2022
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat Moderate
CVE-2022-0245 was published for livehelperchat/livehelperchat (Composer) Jan 21, 2022
Cross-site Scripting in HTML2PDF High
CVE-2021-45394 was published for spipu/html2pdf (Composer) Jan 21, 2022
Cross-site Scripting in pimcore Moderate
CVE-2022-0262 was published for pimcore/pimcore (Composer) Jan 21, 2022
ProTip! Advisories are also available from the GraphQL API