Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,489
Maven
5,000+
npm
4,106
NuGet
735
pip
3,928
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

282 advisories

Loading
AzuraCast/AzuraCast vulnerable to cross-site scripting Low
CVE-2023-2191 was published for azuracast/azuracast (Composer) Apr 20, 2023
Stored cross site scripting in RSS displayer Low
CVE-2023-28820 was published for concrete5/concrete5 (Composer) Apr 28, 2023
Silverstripe Framework: Members with no password can be created and bypass custom login forms Low
CVE-2023-32302 was published for silverstripe/framework (Composer) Jul 31, 2023
sabina-talipova bimthebam
maxime-rainville
CraftCMS stored XSS in Quick Post widget error message Low
CVE-2023-33194 was published for craftcms/cms (Composer) May 26, 2023
WhiteBearVN
Admidio Improper Access Control vulnerability Low
CVE-2023-3303 was published for admidio/admidio (Composer) Jun 23, 2023
Froxlor vulnerable to business logic errors Low
CVE-2023-4304 was published for froxlor/froxlor (Composer) Aug 11, 2023
Magnesium-PHP Injection vulnerability Low
CVE-2017-20187 was published for floriangaerber/magnesium (Composer) Nov 5, 2023
Information Disclosure in typo3/cms-install tool Low
CVE-2023-47126 was published for typo3/cms-install (Composer) Nov 14, 2023
liayn
Ibexa ezplatform-kernel download route allows filename change Low
GHSA-gv2c-5g79-h73c was published for ezsystems/ezplatform-kernel (Composer) Nov 3, 2023
Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability Low
CVE-2023-5551 was published for moodle/moodle (Composer) Nov 9, 2023
Concrete CMS Cross-site Scripting vulnerability Low
CVE-2023-48649 was published for concrete5/concrete5 (Composer) Nov 17, 2023
Concrete CMS (previously concrete5) is vulnerable to stored XSS in uploaded file and folder names Low
CVE-2023-28819 was published for concrete5/concrete5 (Composer) Apr 28, 2023
MarkLee131
Microweber missing standardized error handling mechanism Low
CVE-2023-6599 was published for microweber/microweber (Composer) Dec 8, 2023
yii2-authclient vulnerable to possible timing attack on string comparison in OAuth1, OAuth2 and OpenID Connect implementation Low
CVE-2023-50708 was published for yiisoft/yii2-authclient (Composer) Dec 18, 2023
rhertogh
Winter CMS Local File Inclusion through Server Side Template Injection Low
CVE-2023-52085 was published for winter/wn-backend-module (Composer) Jan 2, 2024
Sanineng
Winter CMS Stored XSS through Backend ColorPicker FormWidget Low
CVE-2023-52084 was published for winter/wn-backend-module (Composer) Dec 28, 2023
Sanineng
Winter CMS Stored XSS through privileged upload of Media Manager file followed by renaming Low
CVE-2023-52083 was published for winter/wn-system-module (Composer) Dec 28, 2023
Cyber-Wo0dy
Gila CMS SQL Injection vulnerability Low
CVE-2020-26624 was published for gilacms/gila (Composer) Jan 3, 2024
Gila CMS SQL Injection vulnerability Low
CVE-2020-26625 was published for gilacms/gila (Composer) Jan 3, 2024
Magento Information Disclosure vulnerability Low
CVE-2021-28566 was published for magento/community-edition (Composer) May 24, 2022
Magento information disclosure vulnerability Low
CVE-2020-24406 was published for magento/community-edition (Composer) May 24, 2022
Typo3 Backend API XSS Vulnerability Low
CVE-2012-6147 was published for typo3/cms (Composer) May 17, 2022
Typo3 Backend History Module Vulnerable to XSS Low
CVE-2012-6145 was published for typo3/cms (Composer) May 17, 2022
Typo3 Function Menu API XSS Vulnerability Low
CVE-2012-6148 was published for typo3/cms (Composer) May 17, 2022
Typo3 Backend XSS Vulnerability Low
CVE-2012-3528 was published for typo3/cms (Composer) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database