Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,291 advisories

Loading
Cross site scripting (XSS) in wwbn/avideo High
GHSA-2fch-hv74-fgw9 was published for wwbn/avideo (Composer) Apr 26, 2023
gonzxph
Cross-site scripting (XSS) from field and configuration text displayed in the Panel High
CVE-2021-32735 was published for getkirby/cms (Composer) Jul 2, 2021
hdodov tdunlap607
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) in FAQ comment username parameter High
CVE-2023-1758 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
Appwrite Server-Side Request Forgery vulnerability High
CVE-2023-27159 was published for appwrite/server-ce (Composer) Mar 31, 2023
thorsten/phpmyfaq vulnerable privilege escalation from improper privilege management High
CVE-2023-1762 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
Froxlor vulnerable to Command Injection High
CVE-2023-0315 was published for froxlor/froxlor (Composer) Jan 16, 2023
Unrestricted Uploads in Concrete5 High
CVE-2020-11476 was published for concrete5/concrete5 (Composer) Nov 3, 2021
tdunlap607
thorsten/phpmyfaq vulnerable to authentication bypass High
CVE-2023-1886 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
Microweber vulnerable to stored cross-site scripting (XSS) via X-Forwarded-For header High
CVE-2023-1881 was published for microweber/microweber (Composer) Apr 5, 2023
thorsten/phpmyfaq vulnerable to DOM cross-site scripting (XSS) via configuration privacy note URL parameter High
CVE-2023-1882 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via artlang parameter High
CVE-2023-1880 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via adminlog High
CVE-2023-1878 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via FAQ News link parameter High
CVE-2023-1757 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
SQL injection in ImpressCMS High
CVE-2022-26986 was published for impresscms/impresscms (Composer) Apr 6, 2022
Unrestricted Upload of File with Dangerous Type in MODX Revolution High
CVE-2022-26149 was published for modx/revolution (Composer) Feb 27, 2022
Teampass SQL Injection vulnerability High
CVE-2023-1545 was published for nilsteampassnet/teampass (Composer) Mar 21, 2023
Code Injection in alextselegidis/easyappointments High
CVE-2023-1367 was published for alextselegidis/easyappointments (Composer) Mar 13, 2023
Improper quoting of columns when calling methods "getByUuid" & "exists" on UUID Model High
CVE-2023-28108 was published for pimcore/pimcore (Composer) Mar 17, 2023
Company admin role gives excessive privileges in eZ Platform Ibexa High
CVE-2022-48365 was published for ezsystems/ezplatform-kernel (Composer) Mar 12, 2023
DDOS attack on graphql endpoints High
CVE-2023-28104 was published for silverstripe/graphql (Composer) Mar 16, 2023
GuySartorelli
Multi-Factor Authentication issue in Laravel Fortify High
CVE-2022-25838 was published for laravel/fortify (Composer) Feb 25, 2022
cockpit-hq/cockpit is vulnerable to unrestricted file uploads High
CVE-2023-1313 was published for cockpit-hq/cockpit (Composer) Mar 10, 2023
api-platform/core's secured properties may be accessible within collections High
CVE-2023-25575 was published for api-platform/core (Composer) Feb 28, 2023
Toflar soyuka
Moodle vulnerable to Server-Side Request Forgery High
CVE-2021-36396 was published for moodle/moodle (Composer) Mar 6, 2023
Moodle vulnerable to Uncontrolled Resource Consumption High
CVE-2021-36395 was published for moodle/moodle (Composer) Mar 6, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database