GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,722
Maven: 5,000+
npm: 4,329
NuGet: 762
pip: 4,105
Pub: 12
RubyGems: 958
Rust: 1,065
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
2,887 advisories
GeniXCMS denial of service (account blockage)
Moderate | CVE-2017-14231 was published for genix/cms (Composer) on May 17, 2022

Dolibarr ERP and CRM contain XSS Vulnerability
Moderate | CVE-2017-14241 was published for dolibarr/dolibarr (Composer) on May 17, 2022

fal_sftp extension for TYPO3 uses weak permissions for sFTP driver files and folders
Moderate | CVE-2014-8327 was published for co-stack/fal_sftp (Composer) on May 17, 2022

SimpleSAMLphp Unauthenticated encryption in CBC mode
Moderate | CVE-2017-12870 was published for simplesamlphp/simplesamlphp (Composer) on May 17, 2022

SimpleSAMLphp Incorrect IV generation for encryption
Moderate | CVE-2017-12871 was published for simplesamlphp/simplesamlphp (Composer) on May 17, 2022

zend-diactoros Cross-site Scripting (XSS)
Moderate | CVE-2015-3257 was published for zendframework/zend-diactoros (Composer) on May 17, 2022

TYPO3 Flow Cross-site scripting (XSS) vulnerability
Moderate | CVE-2013-7082 was published for neos/flow (Composer) on May 17, 2022

TYPO3 Cross-site scripting (XSS) vulnerability in the Backend User Administration Module
Moderate | CVE-2013-7077 was published for typo3/cms-core (Composer) on May 17, 2022

Typo3 Backend History Module Vulnerable to SQL Injection
Moderate | CVE-2012-6144 was published for typo3/cms (Composer) on May 17, 2022

Front End User Registration (sr_feuser_register) extension for TYPO3 allows remote attackers to obtain user names, passwords
Moderate | CVE-2012-5890 was published for sjbr/sr-feuser-register (Composer) on May 17, 2022

Typo3 Install Tool XSS Vulnerability
Moderate | CVE-2012-3531 was published for typo3/cms (Composer) on May 17, 2022

Typo3 API XSS Vulnerability
Moderate | CVE-2012-3530 was published for typo3/cms (Composer) on May 17, 2022

TYPO3 allows remote authenticated backend users to unserialize arbitrary objects
Moderate | CVE-2012-3527 was published for typo3/cms (Composer) on May 17, 2022

Typo3 Exception Handler XSS
Moderate | CVE-2012-2112 was published for typo3/cms (Composer) on May 17, 2022

Elefant CMS Multiple XSS Vulnerabilities
Moderate | CVE-2012-1296 was published for elefant/cms (Composer) on May 17, 2022

ForkCMS Directory Traversal vulnerability
Moderate | CVE-2012-1207 was published for forkcms/forkcms (Composer) on May 17, 2022

Fork CMS Multiple XSS Vulnerabilities
Moderate | CVE-2012-1188 was published for forkcms/forkcms (Composer) on May 17, 2022

phpMyAdmin vulnerable to XML external entity (XXE) injection attack
Moderate | CVE-2011-4107 was published for phpmyadmin/phpmyadmin (Composer) on May 17, 2022

phpMyAdmin Directory Traversal Vulnerability
Moderate | CVE-2011-2718 was published for phpmyadmin/phpmyadmin (Composer) on May 17, 2022

TYPO3 Sensitive Information Disclosure via escapeStrForLike method
Moderate | CVE-2010-5104 was published for typo3/cms-core (Composer) on May 17, 2022

TYPO3 SQL Injection vulnerability
Moderate | CVE-2010-5103 was published for typo3/cms (Composer) on May 17, 2022

TYPO3 Directory Traversal vulnerability
Moderate | CVE-2010-5101 was published for typo3/cms (Composer) on May 17, 2022

TYPO3 Path Traversal vulnerability
Moderate | CVE-2010-5099 was published for typo3/cms (Composer) on May 17, 2022

phpMyAdmin allows remote attackers to obtain installation path via direct request for nonexistent file
Moderate | CVE-2011-0986 was published for phpmyadmin/phpmyadmin (Composer) on May 17, 2022

EC-CUBE XSS Vulnerabilities
Moderate | CVE-2011-0451 was published for ec-cube/ec-cube (Composer) on May 17, 2022

ProTip! Advisories are also available from the GraphQL API