GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,886 advisories

Cross-site Scripting (XSS) in Document Types Moderate
CVE-2023-1429 was published for pimcore/pimcore (Composer) Mar 16, 2023
Credited to khanhchauminh
Pimcore vulnerable to improper quoting of filters in Custom Reports Moderate
CVE-2023-28438 was published for pimcore/pimcore (Composer) Mar 22, 2023
Cross-site Scripting (XSS) in UrlSlug Data type Moderate
CVE-2023-28106 was published for pimcore/pimcore (Composer) Mar 17, 2023
svg-sanitizer has Cross-site Scripting Bypass Moderate
CVE-2023-28426 was published for enshrined/svg-sanitize (Composer) Mar 20, 2023 withdrawn
Credited to Cyxow and ohader
Password Shucking Vulnerability Moderate
CVE-2023-27580 was published for codeigniter4/shield (Composer) Mar 13, 2023
Credited to jreklund
Improper Authorization in nilsteampassnet/teampass Moderate
CVE-2023-1463 was published for nilsteampassnet/teampass (Composer) Mar 17, 2023
Pimcore vulnerable to Cross-site Scripting (XSS) in Redirects Moderate
CVE-2023-1515 was published for pimcore/pimcore (Composer) Mar 20, 2023
Credited to khanhchauminh
Pimcore has Cross site Scripting vulnerability in Schedule tab of Documents Moderate
CVE-2023-1517 was published for pimcore/pimcore (Composer) Mar 20, 2023
Credited to khanhchauminh
frp_form_answers allows Cross-site Scripting Moderate
CVE-2023-26091 was published for frappant/frp-form-answers (Composer) Feb 26, 2023
LibreNMS vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2022-36745 was published for librenms/librenms (Composer) Aug 31, 2022
Credited to tdunlap607
Withdrawn Advisory: Pimcore vulnerable to Cross-site Scripting Moderate
CVE-2023-1247 was published for pimcore/pimcore (Composer) Mar 7, 2023 withdrawn
Credited to valantic-cx-alps
Moodle may allow students to bypass sequential navigation during a quiz attempt Moderate
CVE-2022-40208 was published for moodle/moodle (Composer) Mar 24, 2023
phpSysInfo allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence Moderate
CVE-2006-3360 was published for phpsysinfo/phpsysinfo (Composer) May 1, 2022
Concrete CMS vulnerable to Cross-site Scripting Moderate
CVE-2022-43688 was published for concrete5/concrete5 (Composer) Nov 15, 2022
Credited to tdunlap607
Duplicate Advisory: pimcore is vulnerable to cross-site scripting in translate module Moderate
GHSA-rp78-4562-gx3c was published for pimcore/pimcore (Composer) Mar 29, 2023 withdrawn
Duplicate Advisory: Pimcore Cross-site scripting in Predefined Asset Metadata module in Settings Moderate
GHSA-69fc-v223-6rjw was published for pimcore/pimcore (Composer) Mar 29, 2023 withdrawn
Duplicate Advisory: Pimcore vulnerable to Reflected XSS in Predefined Properties module in Settings Moderate
GHSA-6mmf-qm37-pmgg was published for pimcore/pimcore (Composer) Mar 29, 2023 withdrawn
Complianz WordPress plugin vulnerable to cross-site scripting Moderate
CVE-2023-1069 was published for really-simple-plugins/complianz-gdpr (Composer) Mar 27, 2023
Pimcore vulnerable to Reflected XSS in Predefined Properties module in Settings Moderate
CVE-2023-1701 was published for pimcore/pimcore (Composer) Mar 31, 2023
Credited to nhaanhaa
Pimcore Cross-site Scripting in Predefined Asset Metadata module in Settings Moderate
CVE-2023-1702 was published for pimcore/pimcore (Composer) Mar 31, 2023
Credited to nhaanhaa
pimcore is vulnerable to cross-site scripting in translate module Moderate
CVE-2023-1704 was published for pimcore/pimcore (Composer) Mar 31, 2023
Credited to ghostbit11
Pimcore Perspective Editor vulnerable to stored cross-site scripting (XSS) in perspective name Moderate
CVE-2023-28850 was published for pimcore/perspective-editor (Composer) Apr 3, 2023
Credited to cupc4k3
XSS in richtext custom tag attributes in ezsystems/ezplatform-richtext Moderate
GHSA-fxwm-rx68-p5vx was published for ezsystems/ezplatform-richtext (Composer) Dec 1, 2021
Credited to tdunlap607
php-mod/curl allows Cross-site Scripting Moderate
CVE-2021-30134 was published for php-mod/curl (Composer) Dec 26, 2022
Credited to tdunlap607
pimcore is vulnerable to cross-site scripting in Composite indices key field Moderate
CVE-2023-1703 was published for pimcore/pimcore (Composer) Apr 4, 2023