Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

4,870 advisories

Loading
HTML Purifier allows remote attackers to obtain sensitive information Moderate
CVE-2011-3744 was published for ezyang/htmlpurifier (Composer) May 17, 2022
Rudloff
HTML Purifier Cross-site Scripting vulnerability Moderate
CVE-2007-3498 was published for ezyang/htmlpurifier (Composer) May 1, 2022
Rudloff
TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration Moderate
CVE-2022-23504 was published for typo3/cms (Composer) Dec 13, 2022
ohader darth-hader
Logic flaw in Funadmin High
CVE-2024-48227 was published for funadmin/funadmin (Composer) Oct 25, 2024
Fluid Components TYPO3 extension vulnerable to Cross-Site Scripting Moderate
CVE-2023-28604 was published for sitegeist/fluid-components (Composer) Mar 27, 2023
SQL injection in funadmin High
CVE-2024-48229 was published for funadmin/funadmin (Composer) Oct 25, 2024
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Edit Email Form Settings Feature Moderate
CVE-2024-46998 was published for baserproject/basercms (Composer) Oct 24, 2024
ayato-shitomi
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts Feature Moderate
CVE-2024-46996 was published for baserproject/basercms (Composer) Oct 24, 2024
ayato-shitomi
Cross site scripting in ameos_tarteaucitron Moderate
CVE-2022-33155 was published for ameos/ameos_tarteaucitron (Composer) Jul 13, 2022
Rudloff
Funadmin Cross-site Scripting vulnerability Low
CVE-2024-48228 was published for funadmin/funadmin (Composer) Oct 26, 2024
Studio 42 elFinder vulnerable to Incorrect Access Control High
CVE-2024-38909 was published for studio-42/elfinder (Composer) Jul 30, 2024
Pterodactyl Panel has plain-text logging of user passwords when two-factor authentication is disabled Moderate
CVE-2024-49762 was published for pterodactyl/panel (Composer) Oct 24, 2024
pebblehosts
ai-admin-graphql has a Denial of service vulnerability in SaaS and marketplace setups Moderate
CVE-2024-47173 was published for aimeos/ai-admin-graphql (Composer) Oct 24, 2024
ssshah2131
baserCMS has a Cross-site Scripting (XSS) Vulnerability in HTTP 400 Bad Request Moderate
CVE-2024-46995 was published for baserproject/basercms (Composer) Oct 24, 2024
baserCMS has a Cross-site Scripting (XSS) Vulnerability in Blog posts and Contents list Feature Moderate
CVE-2024-46994 was published for baserproject/basercms (Composer) Oct 24, 2024
Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting Critical
CVE-2024-47186 was published for filament/infolists (Composer) Sep 27, 2024
sv-LayZ danharrin
SQL injection in funadmin High
CVE-2024-48231 was published for funadmin/funadmin (Composer) Oct 21, 2024
derhansen/sf_event_mgt vulnerable to Broken Access Control in Backend Module Moderate
CVE-2024-24751 was published for derhansen/sf_event_mgt (Composer) Feb 13, 2024
derhansen
Cross-site Scripting via uploaded SVG Moderate
CVE-2024-47618 was published for sulu/sulu (Composer) Oct 3, 2024
alexander-schranz
Path traversal in redaxo Moderate
CVE-2024-46212 was published for redaxo/source (Composer) Oct 16, 2024
Bref's Uploaded Files Not Deleted in Event-Driven Functions Moderate
CVE-2024-24752 was published for bref/bref (Composer) Feb 1, 2024
smaury mnapoli
Injection of arbitrary HTML/JavaScript code through the media download URL Moderate
CVE-2024-47617 was published for sulu/sulu (Composer) Oct 3, 2024
Admidio Vulnerable to HTML Injection In The Messages Section Low
CVE-2024-47836 was published for admidio/admidio (Composer) Oct 16, 2024
Kakashi1234
LimeSurvey Cross Site Scripting vulnerability Moderate
CVE-2024-28710 was published for limesurvey/limesurvey (Composer) Oct 7, 2024
Magento Open Source Improper Authorization vulnerability High
CVE-2024-45132 was published for magento/community-edition (Composer) Oct 10, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database