GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,886 advisories

TYPO3 Extension femanager vulnerable to Broken Access Control Moderate
CVE-2022-44543 was published for in2code/femanager (Composer) Nov 3, 2022
Insecure Direct Object Reference in extension "Content Consent" (content_consent) Moderate
CVE-2023-50462 was published for t3s/content-consent (Composer) Dec 13, 2023
Broken Access Control in extension "femanager" Moderate
CVE-2023-50459 was published for in2code/femanager (Composer) Dec 13, 2023
Denial of service caused by infinite recursion when parsing SVG document Moderate
CVE-2023-50251 was published for phenx/php-svg-lib (Composer) Dec 13, 2023
Credited to cod3beat
ConcreteCMS Cross-site Scripting vulnerability Moderate
CVE-2023-44765 was published for concrete5/concrete5 (Composer) Oct 6, 2023
Credited to MarkLee131
ConcreteCMS Cross-site Scripting vulnerability Moderate
CVE-2023-44761 was published for concrete5/concrete5 (Composer) Oct 6, 2023
Credited to MarkLee131
Reflected cross site scripting Moderate
CVE-2023-28475 was published for concrete5/concrete5 (Composer) Apr 28, 2023
Credited to MarkLee131
Stored cross site scripting on API integration Moderate
CVE-2023-28477 was published for concrete5/concrete5 (Composer) Apr 28, 2023
Credited to MarkLee131
Concrete CMS missing secure cookie parameters Moderate
CVE-2023-28472 was published for concrete5/concrete5 (Composer) Apr 28, 2023
Credited to MarkLee131
MAGMI plugin for Magento Server Directory Traversal Moderate
CVE-2015-2067 was published for dweeves/magmi (Composer) May 13, 2022
Moodle XSS Vulnerability Moderate
CVE-2015-5337 was published for moodle/moodle (Composer) May 13, 2022
Moodle improper access control Moderate
CVE-2015-5331 was published for moodle/moodle (Composer) May 13, 2022
Symphony CMS XSS Vulnerabilities Moderate
CVE-2015-8766 was published for symphonycms/symphony-2 (Composer) May 13, 2022
Silverstripe CMS XSS Vulnerability Moderate
CVE-2015-8606 was published for silverstripe/cms (Composer) May 13, 2022
UniSharp Laravel Filemanager directory traversal vulnerability Moderate
CVE-2022-40734 was published for unisharp/laravel-filemanager (Composer) Sep 15, 2022
Credited to streamtw
Microweber Business Logic Errors Moderate
CVE-2023-6566 was published for microweber/microweber (Composer) Dec 7, 2023
Test code in published microsoft-graph-beta package exposes phpinfo() Moderate
GHSA-7mc6-x925-7qvx was published for microsoft/microsoft-graph-beta (Composer) Dec 5, 2023
October CMS safe mode bypass using Page template injection Moderate
CVE-2023-44381 was published for october/system (Composer) Nov 29, 2023
Credited to whatev3n
OroCommerce Customer Portal Incorrect Customer and Customer Group Frontend Menus pages visibility Moderate
CVE-2023-32064 was published for oro/customer-portal (Composer) Nov 27, 2023
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters Moderate
CVE-2023-46734 was published for symfony/symfony (Composer) Nov 12, 2023
Credited to Rudloff and nicolas-grekas
Cross-site Scripting in Admidio Moderate
CVE-2023-47380 was published for admidio/admidio (Composer) Nov 22, 2023
October CMS stored XSS by authenticated backend user with improper configuration Moderate
CVE-2023-44383 was published for october/system (Composer) Nov 29, 2023
Cross-site Scripting in DOMSanitizer Moderate
CVE-2023-49146 was published for rhukster/dom-sanitizer (Composer) Nov 23, 2023
LibreNMS vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2022-36746 was published for librenms/librenms (Composer) Aug 31, 2022
Credited to emilwareus
XSS in Adminer Moderate
GHSA-m56g-3g8v-2rxw was published for vrana/adminer (Composer) Feb 11, 2021 withdrawn
Credited to emilwareus
ProTip! Advisories are also available from the GraphQL API