GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,886 advisories

craftcms/cms vulnerable to cross site scripting in RSS feed widget Moderate
CVE-2023-31144 was published for craftcms/cms (Composer) May 5, 2023
Credited to DominikRebecki
Cross-site Scripting (XSS) in pimcore via DataObject Class date fields Moderate
CVE-2023-2327 was published for pimcore/pimcore (Composer) Apr 27, 2023
Credited to khanhchauminh
RosarioSIS vulnerable to CSV Injection Moderate
CVE-2023-29918 was published for francoisjacquet/rosariosis (Composer) May 2, 2023
Cross-site Scripting (XSS) in pimcore Moderate
CVE-2023-2361 was published for pimcore/pimcore (Composer) May 1, 2023
Credited to hieuminhnv
Arbitrary File Read in Admin JS CSS files Moderate
CVE-2023-30852 was published for pimcore/pimcore (Composer) Apr 27, 2023
Access bypass in Drupal Core Moderate
CVE-2022-25278 was published for drupal/core (Composer) Apr 24, 2023
Cross-site Scripting (XSS) in DataObjects QuantityValue Unit Definition Moderate
CVE-2023-2328 was published for pimcore/pimcore (Composer) Apr 27, 2023
Credited to khanhchauminh
Pimcore Cross-site Scripting (XSS) vulnerability in Admin Translations Moderate
CVE-2023-2630 was published for pimcore/pimcore (Composer) May 11, 2023
Credited to 70rpedo
Pimcore Path Traversal Vulnerability in AdminBundle/Controller/Reports/CustomReportController.php Moderate
CVE-2023-30855 was published for pimcore/pimcore (Composer) May 2, 2023
Access bypass in Drupal core Moderate
CVE-2022-25274 was published for drupal/core (Composer) Apr 26, 2023
Pimcore admin UI vulnerable to Cross-site Scripting in 2 factor authentication setup page Moderate
CVE-2023-37280 was published for pimcore/admin-ui-classic-bundle (Composer) Jul 12, 2023
Credited to HackerUniverse
TeamPass Cross-site Scripting vulnerability Moderate
CVE-2023-3565 was published for nilsteampassnet/teampass (Composer) Jul 10, 2023
Craft CMS XSS in RSS widget feed Moderate
CVE-2023-33195 was published for craftcms/cms (Composer) May 26, 2023
Credited to WhiteBearVN
LavaLite vulnerable to Cross Site Scripting Moderate
CVE-2023-30124 was published for lavalite/cms (Composer) May 18, 2023
Cockpit Cross-site Scripting vulnerability Moderate
CVE-2023-4422 was published for cockpit-hq/cockpit (Composer) Aug 18, 2023
Economizzer user enumeration vulnerability Moderate
CVE-2023-38871 was published for gugoan/economizzer (Composer) Sep 28, 2023
PrestaShop allows users to uninstall modules from backoffice, even with low rights Moderate
CVE-2023-43663 was published for prestashop/prestashop (Composer) Sep 28, 2023
TinyMCE XSS vulnerability in notificationManager.open API Moderate
CVE-2023-45819 was published for TinyMCE (Composer) Oct 19, 2023
Credited to ph5i
Pimcore Cross-site Scripting vulnerability Moderate
CVE-2023-5873 was published for pimcore/pimcore (Composer) Oct 31, 2023
phpMyFAQ vulnerable to stored Cross-site Scripting Moderate
CVE-2023-2753 was published for thorsten/phpmyfaq (Composer) May 17, 2023
Wallabag vulnerable to Allocation of Resources Without Limits or Throttling Moderate
CVE-2023-3566 was published for wallabag/wallabag (Composer) Jul 10, 2023
phpMyFAQ vulnerable to stored Cross-site Scripting Moderate
CVE-2023-2752 was published for thorsten/phpmyfaq (Composer) May 17, 2023
Pimcore Customer Management Framework vulnerable to Improper Authorization in Rules Controller Moderate
CVE-2023-3574 was published for pimcore/customer-management-framework-bundle (Composer) Jul 10, 2023
Credited to aqngoc
PrestaShop file access through path traversal Moderate
CVE-2023-39528 was published for prestashop/prestashop (Composer) Aug 9, 2023
TeamPass vulnerable to Improper Access Control Moderate
CVE-2023-3095 was published for nilsteampassnet/teampass (Composer) Jun 4, 2023