GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,883 advisories

Typo3 API Install Tool vulnerable to Cross-site Scripting Moderate
CVE-2009-3636 was published for typo3/cms-install (Composer) May 2, 2022
TYPO3 API function vulnerable to Cross-site Scripting Moderate
CVE-2009-3633 was published for typo3/cms-core (Composer) May 2, 2022
TYPO3 Backend vulnerable to Frame Hijacking Moderate
CVE-2009-3630 was published for typo3/cms-backend (Composer) May 2, 2022
TYPO3 Backend Discloses Encryption Key Moderate
CVE-2009-3628 was published for typo3/cms-backend (Composer) May 2, 2022
Symfony Host Header Injection vulnerability in the HttpFoundation component Moderate
CVE-2013-4752 was published for symfony/http-foundation (Composer) May 5, 2022
Symfony HTTP Foundation web cache poisoning Moderate
CVE-2018-14773 was published for symfony/http-foundation (Composer) May 13, 2022
Credited to llupa
Symfony Incorrect Access Control Moderate
CVE-2015-4050 was published for symfony/http-kernel (Composer) May 17, 2022
ckeditor4 vulnerable to cross-site scripting Moderate
CVE-2021-33829 was published for ckeditor4 (Composer) Jun 21, 2021
TYPO3 cross-site scripting (XSS) vulnerability in the RemoveXSS function and the backend Moderate
CVE-2010-3715 was published for typo3/cms-backend (Composer) May 17, 2022
TYPO3 Sensitive Information Disclosure via escapeStrForLike method Moderate
CVE-2010-5104 was published for typo3/cms-core (Composer) May 17, 2022
TYPO3 Cross-site Scripting vulnerability in the extension manager and backend forms Moderate
CVE-2010-3659 was published for typo3/cms-backend (Composer) May 17, 2022
Moodle Cross-site Scripting vulnerability in the KSES text cleaning filter Moderate
CVE-2010-2230 was published for moodle/moodle (Composer) May 13, 2022
ImpressCMS Cross-site Scripting vulnerability via quicksearch_ContentContent parameter Moderate
CVE-2010-4616 was published for impresscms/impresscms (Composer) May 14, 2022
phpCAS client library and Moodle Cross-site Scripting vulnerability Moderate
CVE-2010-1618 was published for apereo/phpcas (Composer) May 13, 2022
Moodle is vulnerable to unauthorized new accounts creation Moderate
CVE-2010-1616 was published for moodle/moodle (Composer) May 13, 2022
TYPO3 is vulnerable to insecure randomness during hash generation in forgot password function Moderate
CVE-2010-3670 was published for typo3/cms-frontend (Composer) Apr 21, 2022
TYPO3 is vulnerable to Session Fixation Moderate
CVE-2010-3671 was published for typo3/cms-install (Composer) Apr 21, 2022
Pimcore Admin Classic Bundle permissions are not getting checked when working with tags Moderate
CVE-2024-24822 was published for pimcore/admin-ui-classic-bundle (Composer) Feb 7, 2024
Credited to v32y142y
ZendXml and Zend Framework contain XXE and XEE Vulnerabilities Moderate
CVE-2015-5161 was published for zendframework/zendframework (Composer) May 17, 2022
SimpleSAMLphp XSS Vulnerability Moderate
CVE-2017-18121 was published for simplesamlphp/simplesamlphp (Composer) May 14, 2022
Smarty Path Traversal Vulnerability Moderate
CVE-2018-16831 was published for smarty/smarty (Composer) May 14, 2022
Credited to Ocramius
Moodle cross-site scripting (XSS) vulnerabilities Moderate
CVE-2013-7341 was published for moodle/moodle (Composer) May 13, 2022
Credited to MarkLee131
Cross-Site Scripting via Rich-Text Content Moderate
CVE-2021-32768 was published for typo3/cms (Composer) Aug 19, 2021
Credited to sushiwushi, ohader, and einpraegsam
Denial of Service in Page Error Handling Moderate
CVE-2021-21359 was published for typo3/cms (Composer) Mar 23, 2021
Credited to derhansen
Typo3 Cross-Site Scripting in Link Handling Moderate
CVE-2019-12748 was published for typo3/cms (Composer) May 24, 2022