GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,869 advisories
Paymorrow Improper Input Validation vulnerability
Moderate | CVE-2018-14020 was published for oxid-esales/paymorrow-module (Composer) | May 13, 2022
Yab Quarx persistent cross-site scripting vulnerability
Moderate | CVE-2018-7274 was published for yab/quarx (Composer) | May 13, 2022
Drupal file REST resource does not properly validate
Moderate | CVE-2017-6921 was published for drupal/core (Composer) | May 13, 2022
Drupal Reflected file download vulnerability
Moderate | CVE-2016-3168 was published for drupal/core (Composer) | May 17, 2022
Drupal Views can allow unauthorized users to see Statistics information
Moderate | CVE-2016-6212 was published for drupal/core (Composer) | May 17, 2022
Drupal Denial of service via transliterate mechanism
Moderate | CVE-2016-9452 was published for drupal/core (Composer) | May 17, 2022
Securimage HTML Injection
Moderate | CVE-2017-14077 was published for dapphp/securimage (Composer) | May 13, 2022
HTML Purifier cross-site scripting (XSS) vulnerability
Moderate | CVE-2010-4183 was published for ezyang/htmlpurifier (Composer) | May 13, 2022
HTML Purifier Cross-site Scripting (XSS) vulnerability
Moderate | CVE-2010-2479 was published for ezyang/htmlpurifier (Composer) | May 17, 2022
JetPack Exposure of Resource to Wrong Sphere
Moderate | CVE-2021-24374 was published for automattic/jetpack (Composer) | May 24, 2022
OpenCart Stored Cross-Site Scripting
Moderate | CVE-2020-29471 was published for opencart/opencart (Composer) | May 24, 2022
OpenCart Cross-site Scripting (XSS) in the Subject field of mail.
Moderate | CVE-2020-29470 was published for opencart/opencart (Composer) | May 24, 2022
PrestaShop Cross-site Scripting vulnerability
Moderate | CVE-2019-11876 was published for prestashop/prestashop (Composer) | May 24, 2022
Drupal Cross Site Scripting (XSS) vulnerability
Moderate | CVE-2019-6341 was published for drupal/core (Composer) | May 24, 2022
laracom Cross-site Scripting
Moderate | CVE-2019-15489 was published for jsdecena/laracom (Composer) | May 24, 2022
OpenCart Cross-site Scripting
Moderate | CVE-2020-13980 was published for opencart/opencart (Composer) | May 24, 2022
Cross-site Scripting in phpmyadmin
Moderate | CVE-2022-23808 was published for phpmyadmin/phpmyadmin (Composer) | Jan 28, 2022
Unrestricted Upload of File with Dangerous Type in unisharp/laravel-filemanager
Moderate | CVE-2021-23814 was published for unisharp/laravel-filemanager (Composer) | Jan 6, 2022
Improper Authentication in phpmyadmin
Moderate | CVE-2022-23807 was published for phpmyadmin/phpmyadmin (Composer) | Jan 28, 2022
PHP file inclusion via insert tags
Moderate | CVE-2021-37626 was published for contao/contao (Composer) | Aug 23, 2021
Contao Insert tag injection in forms
Moderate | CVE-2020-25768 was published for contao/contao (Composer) | Sep 24, 2020
Information disclosure in the Contao backend
Moderate | CVE-2019-19712 was published for contao/contao (Composer) | Dec 17, 2019
Insert tag injection in the Contao login module
Moderate | CVE-2019-19714 was published for contao/contao (Composer) | Dec 17, 2019
Moodle may display roles to users who don't have access to them
Moderate | CVE-2023-1402 was published for moodle/moodle (Composer) | Mar 23, 2023