GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,886 advisories
Reflected XSS in Zen Cart before 1.5.7a
Moderate: CVE-2020-6578 was published for zencart/zencart (Composer), May 24, 2022

Stored XSS in LavaLite 5.8.0
Moderate: CVE-2020-36395 was published for lavalite/cms (Composer), May 24, 2022

Cross Site Scripting (XSS) in LavaLite 5.8.0
Moderate: CVE-2020-28124 was published for lavalite/cms (Composer), May 24, 2022

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate: CVE-2021-3728 was published for grumpydictator/firefly-iii (Composer), Aug 25, 2021

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate: CVE-2021-3729 was published for grumpydictator/firefly-iii (Composer), Aug 25, 2021

firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate: CVE-2021-3730 was published for grumpydictator/firefly-iii (Composer), Aug 25, 2021

Cross Site Scripting in LavaLite CMS
Moderate: CVE-2020-23234 was published for lavalite/cms (Composer), Aug 9, 2021

No Restriction of Excessive Authentication Attempts in Firefly III
Moderate: CVE-2021-3663 was published for grumpydictator/firefly-iii (Composer), Aug 9, 2021

Stored XSS in LavaLite 5.8.0
Moderate: CVE-2020-36396 was published for lavalite/cms (Composer), May 24, 2022

Artesãos SEOTools Open Redirect vulnerability
Moderate: CVE-2020-36664 was published for artesaos/seotools (Composer), Jul 6, 2023

baserCMS Access Control Bypass
Moderate: CVE-2018-0573 was published for baserproject/basercms (Composer), May 13, 2022

XSS in PHP-Proxy-App through v3.0
Moderate: CVE-2018-19785 was published for athlon1600/php-proxy-app (Composer), May 14, 2022

Stored XSS in LavaLite 5.2.4
Moderate: CVE-2017-1000467 was published for lavalite/cms (Composer), May 14, 2022

XSS in baserCMS before 4.1.4
Moderate: CVE-2018-18943 was published for baserproject/basercms (Composer), May 14, 2022

Cosenary Instagram-PHP-API contains reflected XSS vulnerability
Moderate: CVE-2019-14470 was published for cosenary/instagram (Composer), May 24, 2022

LavaLite Stored Cross-site Scripting vulnerability
Moderate: CVE-2020-36397 was published for lavalite/cms (Composer), May 24, 2022

baserCMS arbitrary file upload vulnerability
Moderate: CVE-2018-0571 was published for baserproject/basercms (Composer), May 14, 2022

CSRF in PHP Server Monitor before 3.3.2
Moderate: CVE-2018-18921 was published for phpservermon/phpservermon (Composer), May 14, 2022

Stored XSS in LavaLite 5.5
Moderate: CVE-2018-16551 was published for lavalite/cms (Composer), May 13, 2022

Cross-site Scripting in Zenario
Moderate: CVE-2022-44073 was published for tribalsystems/zenario (Composer), Nov 16, 2022

Feehi CMS host header injection vulnerability
Moderate: CVE-2022-38796 was published for feehi/cms (Composer), Sep 15, 2022

Feehi CMS Cross-site Scripting
Moderate: CVE-2022-34140 was published for feehi/cms (Composer), Jul 29, 2022

Sensitive Data Exposure in elFinder
Moderate: CVE-2019-5884 was published for studio-42/elfinder (Composer), May 13, 2022

XMPP Clients User Impersonation Vulnerability in Movim Moxl
Moderate: CVE-2017-5605 was published for movim/moxl (Composer), May 17, 2022

Firefly III vulnerable to reflected cross-site scripting
Moderate: CVE-2019-13646 was published for grumpydictator/firefly-iii (Composer), May 24, 2022

ProTip! Advisories are also available from the GraphQL API.