GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,886 advisories

Duplicate Advisory: Wallabag user can reset data unintentionally Moderate
GHSA-rwpg-4c4c-v3r4 was published for wallabag/wallabag (Composer) Aug 21, 2023 withdrawn
Duplicate Advisory: Wallabag user can delete own API client unintentionally Moderate
GHSA-gvvx-fc6p-2h9x was published for wallabag/wallabag (Composer) Aug 21, 2023 withdrawn
Admidio vulnerable to Unrestricted Upload of File with Dangerous Type Moderate
CVE-2023-3692 was published for admidio/admidio (Composer) Jul 16, 2023
phpMyFaq Cross-site Scripting vulnerability Moderate
CVE-2023-5317 was published for thorsten/phpmyfaq (Composer) Sep 30, 2023
Microweber uses hard coded credentials Moderate
CVE-2023-5318 was published for microweber/microweber (Composer) Sep 30, 2023
phpMyFAQ allows unrestricted file types in image field Moderate
CVE-2023-5227 was published for thorsten/phpmyfaq (Composer) Sep 30, 2023
Economizzer vulnerable to Clickjacking Moderate
CVE-2023-38873 was published for gugoan/economizzer (Composer) Sep 28, 2023
Dolibarr Cross-site Scripting vulnerability Moderate
CVE-2023-5323 was published for dolibarr/dolibarr (Composer) Oct 1, 2023
PrestaShop boolean SQL injection Moderate
CVE-2023-39524 was published for prestashop/prestashop (Composer) Aug 9, 2023
LavaLite CMS vulnerable to host header injection attack Moderate
CVE-2023-27237 was published for lavalite/cms (Composer) May 12, 2023
Cross-site Scripting in snipe/snipe-it Moderate
CVE-2023-5452 was published for snipe/snipe-it (Composer) Oct 6, 2023
Pimcore customers' list user password hash is disclosed Moderate
CVE-2023-2881 was published for pimcore/customer-management-framework-bundle (Composer) May 25, 2023
Teampass Cross-site Scripting vulnerability Moderate
CVE-2023-3191 was published for nilsteampassnet/teampass (Composer) Jun 10, 2023
Teampass Cross-site Scripting vulnerability Moderate
CVE-2023-3190 was published for nilsteampassnet/teampass (Composer) Jun 10, 2023
Froxlor Session Fixation vulnerability Moderate
CVE-2023-3192 was published for froxlor/froxlor (Composer) Jun 11, 2023
Pimcore Cross-site Scripting vulnerability Moderate
CVE-2023-3821 was published for pimcore/pimcore (Composer) Jul 21, 2023
Pimcore Cross-site Scripting vulnerability Moderate
CVE-2023-3822 was published for pimcore/pimcore (Composer) Jul 21, 2023
Cockpit CMS arbitrary file upload vulnerability Moderate
CVE-2023-41564 was published for cockpit-hq/cockpit (Composer) Sep 9, 2023
Cecil Cross-site Scripting vulnerability Moderate
CVE-2023-4913 was published for cecil/cecil (Composer) Sep 12, 2023
Cross-site scripting (XSS) from MIME type auto-detection of uploaded files Moderate
CVE-2023-38491 was published for getkirby/cms (Composer) Jul 28, 2023
XML External Entity (XXE) vulnerability in the XML data handler Moderate
CVE-2023-38490 was published for getkirby/cms (Composer) Jul 28, 2023
Credited to noraj and dapatrese
Denial of service from unlimited password lengths Moderate
CVE-2023-38492 was published for getkirby/cms (Composer) Jul 28, 2023
Credited to 5hank4r
Stored Cross-Site Scripting October CMS Moderate
CVE-2023-37692 was published for october/october (Composer) Jul 26, 2023
Easy!Appointments Improper Access Control vulnerability Moderate
CVE-2023-3700 was published for alextselegidis/easyappointments (Composer) Jul 17, 2023
By-passing Cross-Site Scripting Protection in HTML Sanitizer Moderate
CVE-2023-38500 was published for typo3/html-sanitizer (Composer) Jul 25, 2023
Credited to leeN, Yaniv-git, ohader, and bnf