GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,886 advisories

Moodle Cross-site Scripting vulnerability Moderate
CVE-2023-5544 was published for moodle/moodle (Composer) Nov 9, 2023
Moodle Cross-site Scripting vulnerability Moderate
CVE-2023-5541 was published for moodle/moodle (Composer) Nov 9, 2023
Any value can be changed in the configuration table by an employee having access to block reassurance module Moderate
CVE-2023-47110 was published for prestashop/blockreassurance (Composer) Nov 9, 2023
Bypassing Cross-Site Scripting Protection in TYPO3 HTML Sanitizer Moderate
CVE-2023-47125 was published for typo3/html-sanitizer (Composer) Nov 14, 2023
Credited to Yaniv-git, ndossche, and ohader
Microweber Improper Access Control vulnerability Moderate
CVE-2023-5976 was published for microweber/microweber (Composer) Nov 14, 2023
Symfony possible session fixation vulnerability Moderate
CVE-2023-46733 was published for symfony/security-http (Composer) Nov 12, 2023
Credited to RobertMe
phpMyFAQ Cross-site Scripting Moderate
CVE-2023-3469 was published for thorsten/phpmyfaq (Composer) Jun 30, 2023
Missing permission check of canView in GridFieldPrintButton Moderate
CVE-2023-22728 was published for silverstripe/framework (Composer) Apr 26, 2023
Lack of domain validation in Drupal core Moderate
CVE-2022-25276 was published for drupal/core (Composer) Apr 26, 2023
PrestaShop path traversal Moderate
CVE-2023-39525 was published for prestashop/prestashop (Composer) Aug 9, 2023
PrestaShop file deletion via CustomerMessage Moderate
CVE-2023-39530 was published for prestashop/prestashop (Composer) Aug 9, 2023
Credited to kto94
PrestaShop file deletion via attachment API Moderate
CVE-2023-39529 was published for prestashop/prestashop (Composer) Aug 9, 2023
Credited to kto94
Cross-site Scripting (XSS) in Ecommerce Pricing Rules name field Moderate
CVE-2023-2323 was published for pimcore/pimcore (Composer) Apr 27, 2023
Credited to sampritdas8
Cross-site Scripting (XSS) in Document Properties Parameter Moderate
CVE-2023-2322 was published for pimcore/pimcore (Composer) Apr 27, 2023
Credited to rootxsandy
thorsten/phpmyfaq vulnerable to cross-site scripting Moderate
CVE-2023-2998 was published for thorsten/phpmyfaq (Composer) May 31, 2023
Duplicate Advisory: PrestaShop Cross-site Scripting vulnerability Moderate
CVE-2023-31508 was published for prestashop/prestashop (Composer) May 12, 2023 withdrawn
Stored cross site scripting in Craft CMS Moderate
CVE-2023-2817 was published for craftcms/cms (Composer) May 26, 2023
Credited to angrybrad
Microweber Cross-site Scripting vulnerability Moderate
CVE-2023-3142 was published for microweber/microweber (Composer) Jun 7, 2023
Moodle vulnerable to stored Cross-site Scripting Moderate
CVE-2021-27131 was published for moodle/moodle (Composer) May 16, 2023
PrestaShop allows employee without any access rights to list all installed modules Moderate
CVE-2023-43664 was published for prestashop/prestashop (Composer) Sep 28, 2023
Subrion CMS Cross-site Scripting vulnerability Moderate
CVE-2023-43884 was published for intelliants/subrion (Composer) Sep 28, 2023
Subrion CMS Cross-site Scripting vulnerability in /panel/languages Moderate
CVE-2023-43828 was published for intelliants/subrion (Composer) Sep 27, 2023
Subrion CMS XSS in /panel/configuration/financial/ Moderate
CVE-2023-43830 was published for intelliants/subrion (Composer) Sep 27, 2023
Microweber Cross-site Scripting vulnerability Moderate
CVE-2023-5244 was published for microweber/microweber (Composer) Sep 28, 2023
Pimcore Demo Allows GraphQL Introspection Moderate
CVE-2023-5192 was published for pimcore/demo (Composer) Sep 27, 2023