GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,780 advisories
Known v1.3.1 contains Insecure Direct Object Reference (Moderate)
CVE-2022-30852 was published for idno/known (Composer) on Jul 9, 2022

Open Redirect in microweber (Moderate)
CVE-2022-2252 was published for microweber/microweber (Composer) on Jun 30, 2022

Cross-site Scripting in microweber (Moderate)
CVE-2022-2300 was published for microweber/microweber (Composer) on Jul 5, 2022

Cross-site Scripting in admidio (Moderate)
CVE-2022-23896 was published for admidio/admidio (Composer) on Jun 29, 2022

Stored XSS in link tags added via XHR in SilverStripe Framework (Moderate)
CVE-2022-28803 was published for silverstripe/framework (Composer) on Jun 29, 2022

Unpublished, protected files can be published via shortcode (Moderate)
CVE-2022-29858 was published for silverstripe/assets (Composer) on Jun 29, 2022

Hybridsessions does not expire session id on logout (Moderate)
CVE-2022-24444 was published for silverstripe/hybridsessions (Composer) on Jun 29, 2022

Known vulnerable to code execution via SVG file in v1.3.1 (Moderate)
CVE-2022-32115 was published for idno/known (Composer) on Jul 9, 2022

Microweber Stored Cross-site Scripting before v1.2.20 (Moderate)
CVE-2022-2495 was published for microweber/microweber (Composer) on Jul 23, 2022

Microweber before 1.2.21 vulnerable to reflected XSS (Moderate)
CVE-2022-2470 was published for microweber/microweber (Composer) on Jul 23, 2022

ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent (Moderate)
CVE-2022-36032 was published for react/http (Composer) on Sep 16, 2022

FeehiCMS vulnerable to Cross-Site scripting via crafted payload (Moderate)
CVE-2022-40408 was published for feehi/feehicms (Composer) on Sep 30, 2022

DoS vulnerability in MaliciousCode filter (Moderate)
CVE-2023-23617 was published for openmage/magento-lts (Composer) on Jan 27, 2023

Improper Authorization in dolibarr/dolibarr (Moderate)
CVE-2022-0731 was published for dolibarr/dolibarr (Composer) on Feb 24, 2022

Cross-site scripting in Dolibarr (Moderate)
CVE-2019-16197 was published for dolibarr/dolibarr (Composer) on Nov 8, 2019

FeehiCMS Cross Site Scripting vulnerability (Moderate)
CVE-2022-40002 was published for feehi/feehicms (Composer) on Dec 15, 2022

FeehiCMS Cross Site Scripting vulnerability (Moderate)
CVE-2020-36607 was published for feehi/feehicms (Composer) on Dec 15, 2022

FeehiCMS Cross Site Scripting vulnerability (Moderate)
CVE-2022-40001 was published for feehi/feehicms (Composer) on Dec 15, 2022

FeehiCMS Cross Site Scripting vulnerability (Moderate)
CVE-2021-36572 was published for feehi/feehicms (Composer) on Dec 15, 2022

FeehiCMS Unrestricted Upload vulnerability (Moderate)
CVE-2021-36573 was published for feehi/feehicms (Composer) on Dec 15, 2022

FeehiCMS Cross Site Scripting vulnerability (Moderate)
CVE-2022-40373 was published for feehi/feehicms (Composer) on Dec 15, 2022

FeehiCMS Cross Site Scripting vulnerability (Moderate)
CVE-2022-40000 was published for feehi/feehicms (Composer) on Dec 15, 2022

FeehiCMS vulnerable to Cross Site Scripting (Moderate)
CVE-2020-20589 was published for feehi/feehicms (Composer) on Dec 15, 2022

Cross site scripting in getkirby/starterkit (Moderate)
CVE-2022-35174 was published for getkirby/starterkit (Composer) on Aug 19, 2022

Cross site scripting in yetiforce/yetiforce-crm (Moderate)
CVE-2022-1340 was published for yetiforce/yetiforce-crm (Composer) on Aug 23, 2022

ProTip! Advisories are also available from the GraphQL API.