GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,717
Maven: 5,000+
npm: 4,328
NuGet: 761
pip: 4,105
Pub: 12
RubyGems: 958
Rust: 1,065
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
2,886 advisories
Firefly III vulnerable to stored XSS
Moderate | CVE-2019-13645 was published for grumpydictator/firefly-iii (Composer) | May 24, 2022

Pi Cross-site Scripting vulnerability
Moderate | CVE-2017-7251 was published for pi/pi (Composer) | May 13, 2022

baserCMS Cross-site Scripting vulnerability
Moderate | CVE-2016-4880 was published for baserproject/basercms (Composer) | May 17, 2022

PrestaShop has potential Information exposure in the upload directory
Moderate | CVE-2022-46158 was published for prestashop/prestashop (Composer) | Dec 8, 2022

Microweber Incorrect Permission Assignment for Critical Resource vulnerability
Moderate | CVE-2022-0277 was published for microweber/microweber (Composer) | Jan 21, 2022

libconnect Extension for Typo3 Vulnerable to XSS
Moderate | CVE-2022-33157 was published for subhh/libconnect (Composer) | Jul 13, 2022

Dolibarr ERP and CRM contain XSS Vulnerability
Moderate | CVE-2021-33618 was published for dolibarr/dolibarr (Composer) | May 24, 2022

Moodle reflected XSS
Moderate | CVE-2021-32478 was published for moodle/moodle (Composer) | Mar 12, 2022

Studio 42 elFinder allows stored XSS
Moderate | CVE-2021-45919 was published for studio-42/elfinder (Composer) | Feb 10, 2022

RosarioSIS XSS Vulnerability
Moderate | CVE-2021-45416 was published for francoisjacquet/rosariosis (Composer) | Feb 2, 2022

Symfony vulnerable to Session Fixation of CSRF tokens
Moderate | CVE-2022-24895 was published for symfony/security-bundle (Composer) | Feb 1, 2023

Moodle contains Stored XSS via ID number user profile field
Moderate | CVE-2021-20279 was published for moodle/moodle (Composer) | May 24, 2022

Dolibarr ERP and CRM contain XSS Vulnerability
Moderate | CVE-2020-9016 was published for dolibarr/dolibarr (Composer) | May 24, 2022

jh_captcha for Typo3 XSS Vulnerability
Moderate | CVE-2020-15514 was published for haffner/jh_captcha (Composer) | May 24, 2022

Moodle XSS Vulnerability
Moderate | CVE-2020-1691 was published for moodle/moodle (Composer) | Aug 6, 2022

Moodle reflected XSS Vulnerability
Moderate | CVE-2020-14320 was published for moodle/moodle (Composer) | Aug 17, 2022

Dompdf before v2.0.0 vulnerable to chroot check bypass
Moderate | CVE-2022-2400 was published for dompdf/dompdf (Composer) | Jul 19, 2022

Kirby CMS vulnerable to user enumeration in the brute force protection
Moderate | CVE-2022-39315 was published for getkirby/cms (Composer) | Oct 18, 2022

Cross-site Scripting in Parsedown
Moderate | CVE-2018-1000162 was published for erusev/parsedown (Composer) | Mar 30, 2022

Centreon Sensitive Data Exposure vulnerability
Moderate | CVE-2020-10945 was published for centreon/centreon (Composer) | May 24, 2022

Fork CMS Cross-site Scripting Vulnerability
Moderate | CVE-2020-13633 was published for forkcms/forkcms (Composer) | May 24, 2022

ke_search for Typo3 XSS Vulnerability
Moderate | CVE-2020-15517 was published for tpwd/ke_search (Composer) | May 24, 2022

silverstripe-advancedreports vulnerable to XSS
Moderate | CVE-2020-25102 was published for silverstripe-australia/advancedreports (Composer) | May 24, 2022

PHPServerMon PRNG has Insufficient Entropy
Moderate | CVE-2021-4241 was published for phpservermon/phpservermon (Composer) | Nov 16, 2022
ProTip! Advisories are also available from the GraphQL API.