GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,291 advisories

Admidio Improper Neutralization of Formula Elements in a CSV File vulnerability High
CVE-2023-3302 was published for admidio/admidio (Composer) Jun 23, 2023
SQL Injection in Translation Export API High
CVE-2023-30849 was published for pimcore/pimcore (Composer) Apr 27, 2023
SQL Injection in Admin Search Find API High
CVE-2023-30848 was published for pimcore/pimcore (Composer) Apr 27, 2023
SQL Injection in Admin Translations API High
CVE-2023-30850 was published for pimcore/pimcore (Composer) Apr 27, 2023
Cockpit Cross-site Scripting vulnerability High
CVE-2023-4196 was published for cockpit-hq/cockpit (Composer) Aug 6, 2023
PrestaShop XSS injection through Validate::isCleanHTML method High
CVE-2023-39527 was published for prestashop/prestashop (Composer) Aug 9, 2023
Cross site scripting in librenms High
CVE-2023-5060 was published for librenms/librenms (Composer) Sep 19, 2023
Froxlor vulnerable to Path Traversal High
CVE-2023-3172 was published for froxlor/froxlor (Composer) Jun 9, 2023
Magento LTS's guest order "protect code" can be brute-forced too easily High
CVE-2023-41879 was published for openmage/magento-lts (Composer) Sep 11, 2023
theroch fballiano
colinmollenhour
WWBN AVideo command injection vulnerability High
CVE-2023-32073 was published for wwbn/avideo (Composer) May 12, 2023
jmrcsnchz
Path traversal vulnerability in the file manager High
CVE-2023-29200 was published for contao/contao (Composer) Apr 26, 2023
SQL Injection in AssetController High
CVE-2023-2338 was published for pimcore/pimcore (Composer) Apr 27, 2023
rekter0
Arbitrary file read via SQL injection High
CVE-2023-30545 was published for prestashop/prestashop (Composer) Apr 26, 2023
truff77
teampass vulnerable to code injection High
CVE-2023-2591 was published for nilsteampassnet/teampass (Composer) May 9, 2023
grav Server-side Template Injection (SSTI) mitigation bypass High
CVE-2023-37897 was published for getgrav/grav (Composer) Jul 19, 2023
s4ex Malayke
zenstruck/collection passing callable string to EntityRepository::find() and query() High
CVE-2023-37473 was published for zenstruck/collection (Composer) Jul 14, 2023
kbond
Possible XSS injection through Validate::isCleanHTML method High
CVE-2023-30838 was published for prestashop/prestashop (Composer) Apr 25, 2023
touchweb-vincent
TeamPass information exposure vulnerability High
CVE-2023-3553 was published for nilsteampassnet/teampass (Composer) Jul 8, 2023
TeamPass vulnerable to Improper Encoding or Escaping of Output High
CVE-2023-3552 was published for nilsteampassnet/teampass (Composer) Jul 8, 2023
RosarioSIS Stores Sensitive Data in a Mechanism without Access Control High
CVE-2023-2665 was published for francoisjacquet/rosariosis (Composer) May 19, 2023
FoodCoopShop Server-Side Request Forgery vulnerability High
CVE-2023-46725 was published for foodcoopshop/foodcoopshop (Composer) Nov 2, 2023
asesidaa mrothauer
Insufficient Session Expiration in thorsten/phpmyfaq High
CVE-2023-5865 was published for thorsten/phpmyfaq (Composer) Oct 31, 2023
Flarum vulnerable to LFI and Blind SSRF via Avatar upload High
CVE-2023-40033 was published for flarum/core (Composer) Aug 16, 2023
OpenCart Path Traversal vulnerability High
CVE-2023-2315 was published for opencart/opencart (Composer) Sep 27, 2023
CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment High
CVE-2023-46240 was published for codeigniter4/framework (Composer) Oct 30, 2023
psuet