GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,680
Maven
5,000+
npm
4,308
NuGet
760
pip
4,080
Pub
12
RubyGems
958
Rust
1,061
Swift
45
Unreviewed advisories
All unreviewed
5,000+
1,331 advisories
Filter by severity
phpCAS vulnerable to Service Hostname Discovery Exploitation
High
CVE-2022-39369
was published
for
apereo/phpcas
(Composer)
Nov 1, 2022
Duplicate Advisory: Cross-Site Request Forgery in easyii CMS
High
CVE-2022-3772
was published
for
noumo/easyii
(Composer)
Oct 31, 2022
•
withdrawn
Prototype pollution in Snowboard framework
High
CVE-2022-39357
was published
for
wintercms/winter
(Composer)
Oct 27, 2022
Magento Improper input validation vulnerability
High
CVE-2022-42344
was published
for
magento/community-edition
(Composer)
Oct 20, 2022
phpMyFAQ vulnerable to Cross-site Scripting
High
CVE-2022-3608
was published
for
phpmyfaq/phpmyfaq
(Composer)
Oct 19, 2022
Lavalite vulnerable to Arbitrary File Read via Directory Traversal
High
CVE-2022-42188
was published
for
lavalite/cms
(Composer)
Oct 19, 2022
Magento Open Source allows Stored Cross-Site Scripting (Stored XSS)
High
CVE-2022-35698
was published
for
magento/community-edition
(Composer)
Oct 15, 2022
October CMS Safe Mode bypass leads to authenticated Remote Code Execution
High
CVE-2022-35944
was published
for
october/system
(Composer)
Oct 13, 2022
melisplatform/melis-asset-manager vulnerable to Path Traversal
High
CVE-2022-39296
was published
for
melisplatform/melis-asset-manager
(Composer)
Oct 11, 2022
melisplatform/melis-cms vulnerable to deserialization of untrusted data
High
CVE-2022-39297
was published
for
melisplatform/melis-cms
(Composer)
Oct 11, 2022
melisplatform/melis-front vulnerable to deserialization of untrusted data
High
CVE-2022-39298
was published
for
melisplatform/melis-front
(Composer)
Oct 11, 2022
Backdrop CMS Unrestricted File Upload vulnerability
High
CVE-2022-42092
was published
for
backdrop/backdrop
(Composer)
Oct 7, 2022
PHPMailer vulnerable to email header injection
High
CVE-2012-0796
was published
for
phpmailer/phpmailer
(Composer)
Oct 6, 2022
Moodle Cross-Site Request Forgery (CSRF)
High
CVE-2022-2986
was published
for
moodle/moodle
(Composer)
Oct 6, 2022
Moodle Stored Cross-site Scripting and page denial of service
High
CVE-2022-40313
was published
for
moodle/moodle
(Composer)
Oct 1, 2022
Twig may load a template outside a configured directory when using the filesystem loader
High
CVE-2022-39261
was published
for
twig/twig
(Composer)
Sep 30, 2022
Centreon SQL Injection vulnerability via esc_name parameter
High
CVE-2022-40043
was published
for
centreon/centreon
(Composer)
Sep 27, 2022
Dompdf allows remote file inclusion because URI validation failure does not halt font registration
High
CVE-2022-41343
was published
for
dompdf/dompdf
(Composer)
Sep 26, 2022
ICEcoder vulnerable to Path Traversal
High
CVE-2022-34026
was published
for
icecoder/icecoder
(Composer)
Sep 23, 2022
RosarioSIS before 10.1 vulnerable to Improper Handling of Length Parameter Inconsistency
High
CVE-2022-2714
was published
for
francoisjacquet/rosariosis
(Composer)
Sep 7, 2022
Cross-site scripting from content entered in the tags and multiselect fields
High
GHSA-rv3r-vqjj-8c76
was published
for
getkirby/cms
(Composer)
Aug 30, 2022
exceedone/exment and exceedone/laravel-admin SQL Injection vulnerability
High
CVE-2022-37333
was published
for
exceedone/exment
(Composer)
Aug 25, 2022
Missing password strength check in notrinos/notrinos-erp
High
CVE-2022-2927
was published
for
notrinos/notrinos-erp
(Composer)
Aug 23, 2022
Exposure of password hashes in notrinos/notrinos-erp
High
CVE-2022-2921
was published
for
notrinos/notrinos-erp
(Composer)
Aug 22, 2022
PocketMine-MP invalid skin geometry JSON data leading to server crash
High
GHSA-8cwq-4cmf-px73
was published
for
pocketmine/pocketmine-mp
(Composer)
Aug 18, 2022
ProTip!
Advisories are also available from the
GraphQL API