GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,886 advisories

Firefly III insufficiently expires sessions Moderate
CVE-2023-1788 was published for grumpydictator/firefly-iii (Composer) Apr 5, 2023
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via HTML export Moderate
CVE-2023-1756 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via updatecategory parameter Moderate
CVE-2023-1879 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
thorsten/phpmyfaq vulnerable to cross-site scripting (XSS) via stopword parameter Moderate
CVE-2023-1884 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
thorsten/phpmyfaq vulnerable to improper access control Moderate
CVE-2023-1883 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via category field name parameter Moderate
CVE-2023-1885 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
Microweber vulnerable to command injection Moderate
CVE-2023-1877 was published for microweber/microweber (Composer) Apr 5, 2023
Cross-Site Request Forgery in Drupal core Moderate
CVE-2020-13674 was published for drupal/core (Composer) Feb 12, 2022
Credited to tdunlap607
phpMyFAQ Code Injection vulnerability Moderate
CVE-2023-1761 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
Credited to aruneko
phpMyFAQ Stored Cross-site Scripting vulnerability Moderate
CVE-2023-1760 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
phpMyFAQ Stored Cross-site Scripting vulnerability Moderate
CVE-2023-1759 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
phpMyFAQ Cross-site Scripting vulnerability Moderate
CVE-2023-1755 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
phpMyFAQ has weak password requirements Moderate
CVE-2023-1753 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
Duplicate Advisory: pimcore is vulnerable to cross-site scripting in classes module Moderate
GHSA-3r5c-h7g6-cqw7 was published for pimcore/pimcore (Composer) Mar 29, 2023 withdrawn
nilsteampassnet/teampass vulnerable to stored cross-site scripting (XSS) Moderate
CVE-2023-2021 was published for nilsteampassnet/teampass (Composer) Apr 13, 2023
Reflected XSS in Application Logger module Moderate
GHSA-2xpm-cmvw-3jcc was published for pimcore/pimcore (Composer) Mar 16, 2023
Credited to khanhchauminh
Firefly III vulnerable to improper input validation Moderate
CVE-2023-1789 was published for grumpydictator/firefly-iii (Composer) Apr 1, 2023
Cross site scripting in safe-svg Moderate
CVE-2022-1091 was published for darylldoyle/safe-svg (Composer) Apr 19, 2022
Credited to tdunlap607
Microweber vulnerable to cross-site scripting (XSS) Moderate
CVE-2023-2014 was published for microweber/microweber (Composer) Apr 13, 2023
Improper header validation in httpsoft/http-message Moderate
GHSA-9jxr-mwpp-w643 was published for httpsoft/http-message (Composer) Apr 21, 2023
Credited to devanych
alextselegidis/easyappointments vulnerable to Stored Cross-site Scripting Moderate
CVE-2023-2102 was published for alextselegidis/easyappointments (Composer) Apr 15, 2023
alextselegidis/easyappointments Improper Access Control vulnerability Moderate
CVE-2023-2104 was published for alextselegidis/easyappointments (Composer) Apr 15, 2023
alextselegidis/easyappointments Session Fixation vulnerability Moderate
CVE-2023-2105 was published for alextselegidis/easyappointments (Composer) Apr 15, 2023
phpBB Server-Side Request Forgery Vulnerability Moderate
CVE-2020-8226 was published for phpbb/phpbb (Composer) May 24, 2022
Credited to Rudloff
Improper Input Validation in nyholm/psr7 Moderate
GHSA-wjfc-pgfp-pv9c was published for nyholm/psr7 (Composer) Apr 21, 2023