GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,887 advisories
Typo3 Open Redirect In Frontend Rendering
Moderate | CVE-2014-9508 was published for typo3/cms (Composer) | May 17, 2022

TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component
Moderate | CVE-2013-7073 was published for typo3/cms (Composer) | May 17, 2022

Drupal Unprivileged access to config export
Moderate | CVE-2016-7572 was published for drupal/core (Composer) | May 17, 2022

Drupal Cross-site scripting (XSS) vulnerability
Moderate | CVE-2016-7571 was published for drupal/core (Composer) | May 17, 2022

Drupal Users without "Administer comments" can set comment visibility on nodes they can edit
Moderate | CVE-2016-7570 was published for drupal/core (Composer) | May 17, 2022

Drupal sensitive information disclosure
Moderate | CVE-2016-3170 was published for drupal/core (Composer) | May 17, 2022

Drupal Reflected file download vulnerability
Moderate | CVE-2016-3168 was published for drupal/core (Composer) | May 17, 2022

Drupal CRLF injection vulnerability in the drupal_set_header function
Moderate | CVE-2016-3166 was published for drupal/core (Composer) | May 17, 2022

Dolibarr ERP and CRM contain XSS Vulnerabilities
Moderate | CVE-2016-1912 was published for dolibarr/dolibarr (Composer) | May 17, 2022

TYPO3 allows remote attackers to embed Flash videos from external domain
Moderate | CVE-2015-8760 was published for typo3/cms (Composer) | May 17, 2022

TYPO3 CMS indexed search Cross-site Scripting vulnerability
Moderate | CVE-2015-8756 was published for typo3/cms (Composer) | May 17, 2022

TYPO3 Cross-site Scripting vulnerability
Moderate | CVE-2015-8759 was published for typo3/cms (Composer) | May 17, 2022

Cross-site Scripting in SmartyException
Moderate | CVE-2012-4437 was published for smarty/smarty (Composer) | May 17, 2022

Cross-site scripting vulnerability in includes/actions/InfoAction.php
Moderate | CVE-2014-2853 was published for mediawiki/core (Composer) | May 17, 2022

The Preview plugin in CKEditor allows Cross-site scripting (XSS)
Moderate | CVE-2014-5191 was published for ckeditor/ckeditor (Composer) | May 17, 2022

October CMS XSS In Caption Tag of Profile
Moderate | CVE-2015-5612 was published for october/october (Composer) | May 17, 2022

ImpressCMS Path Traversal to Arbitrary File Delete
Moderate | CVE-2014-1836 was published for impresscms/impresscms (Composer) | May 17, 2022

ZF-Commons ZfcUser Vulnerable to XSS in Login Redirect
Moderate | CVE-2015-1039 was published for zf-commons/zfc-user (Composer) | May 17, 2022

Symfony Denial of Service Via Long Password Hashing
Moderate | CVE-2013-5958 was published for symfony/polyfill (Composer) | May 17, 2022

phpThumb is vulnerable to Server-Side Request Forgery (SSRF)
Moderate | CVE-2013-6919 was published for james-heinrich/phpthumb (Composer) | May 17, 2022

TYPO3 powermail extension allows remote attackers to bypass CAPTCHA protection mechanism
Moderate | CVE-2014-6288 was published for in2code/powermail (Composer) | May 17, 2022

ImpressCMS Cross-site scripting Vulnerability
Moderate | CVE-2014-4036 was published for impresscms/impresscms (Composer) | May 17, 2022

GeSHi vulnerable to Cross-site Scripting
Moderate | CVE-2012-3522 was published for geshi/geshi (Composer) | May 17, 2022

PHPExcel vulnerable to XXE attacks through libxml
Moderate | CVE-2014-2054 was published for phpoffice/phpexcel (Composer) | May 17, 2022
ProTip! Advisories are also available from the GraphQL API.