Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,489
Maven
5,000+
npm
4,106
NuGet
735
pip
3,928
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,288 advisories

Loading
melisplatform/melis-asset-manager vulnerable to Path Traversal High
CVE-2022-39296 was published for melisplatform/melis-asset-manager (Composer) Oct 11, 2022
CSRF issue on preview pages in Bolt CMS High
CVE-2020-4040 was published for bolt/bolt (Composer) Jun 9, 2020
staz0t
The filename of uploaded files vulnerable to stored XSS High
CVE-2020-4041 was published for bolt/bolt (Composer) Jun 9, 2020
staz0t
Missing password strength check in notrinos/notrinos-erp High
CVE-2022-2927 was published for notrinos/notrinos-erp (Composer) Aug 23, 2022
Exposure of password hashes in notrinos/notrinos-erp High
CVE-2022-2921 was published for notrinos/notrinos-erp (Composer) Aug 22, 2022
Cachet vulnerable to forced reinstall High
CVE-2021-39173 was published for cachethq/cachet (Composer) Aug 30, 2021
thomas-chauchefoin-sonarsource
Command injection in librenms High
CVE-2022-29712 was published for librenms/librenms (Composer) Jun 3, 2022
Cachet configuration leak High
CVE-2021-39174 was published for cachethq/cachet (Composer) Aug 30, 2021
thomas-chauchefoin-sonarsource
SQL Injection in dolibarr High
CVE-2022-0224 was published for dolibarr/dolibarr (Composer) Jan 21, 2022
Possible cross-site scripting attack via unsanitized SVG files in FoF Upload High
CVE-2022-30999 was published for fof/upload (Composer) May 25, 2022
Caesar302
ICEcoder vulnerable to Path Traversal High
CVE-2022-34026 was published for icecoder/icecoder (Composer) Sep 23, 2022
Feehi CMS arbitrary code execution via crafted PHP file High
CVE-2022-34971 was published for feehi/cms (Composer) Jul 28, 2022
LTI 1.3 Tool Library's Nonce Claim Value not validated against nonce value sent in Authentication Request before v5.0 High
CVE-2022-31158 was published for packbackbooks/lti-1-3-php-library (Composer) Jul 15, 2022
melisplatform/melis-cms vulnerable to deserialization of untrusted data High
CVE-2022-39297 was published for melisplatform/melis-cms (Composer) Oct 11, 2022
melisplatform/melis-front vulnerable to deserialization of untrusted data High
CVE-2022-39298 was published for melisplatform/melis-front (Composer) Oct 11, 2022
Flarum post mentions can be used to read any post on the forum without access control High
CVE-2023-22487 was published for flarum/mentions (Composer) Jan 10, 2023
clarkwinkelmann
Valinor error messages leading to potential data exfiltration before v0.12.0 High
CVE-2022-31140 was published for cuyz/valinor (Composer) Jul 12, 2022
Code injection in concrete CMS High
CVE-2022-21829 was published for concrete5/core (Composer) Jun 25, 2022
Code injection in grav High
CVE-2022-2073 was published for getgrav/grav (Composer) Jun 30, 2022
Improper quoting of columns when using setOrderBy() or setGroupBy() on listing classes in Pimcore High
CVE-2022-31092 was published for pimcore/pimcore (Composer) Jun 22, 2022
Code injection in Elefant CMS High
CVE-2017-20064 was published for elefant/cms (Composer) Jun 21, 2022
Known vulnerable to account takeover via host header injection attack in v1.3.1 High
CVE-2022-33011 was published for idno/known (Composer) Jul 9, 2022
Cross-Site Request Forgery in Elefant CMS High
CVE-2017-20062 was published for elefant/cms (Composer) Jun 21, 2022
October CMS upload process vulnerable to RCE via Race Condition High
CVE-2022-24800 was published for october/system (Composer) Jul 13, 2022
Unrestricted Upload of File with Dangerous Type in Elefant CMS High
CVE-2017-20063 was published for elefant/cms (Composer) Jun 21, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database