Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,866
Erlang
36
GitHub Actions
36
Go
2,491
Maven
5,000+
npm
4,111
NuGet
735
pip
3,933
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,780 advisories

Loading
Cross-site scripting in LavaLite-CMS Moderate
CVE-2020-23700 was published for lavalite/cms (Composer) Sep 8, 2021
Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2021-32712 was published for shopware/shopware (Composer) Sep 8, 2021
Cross-site scripting Moderate
CVE-2021-32713 was published for shopware/shopware (Composer) Sep 8, 2021
Session Fixation Moderate
CVE-2021-32710 was published for shopware/platform (Composer) Sep 8, 2021
Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2021-32716 was published for shopware/platform (Composer) Sep 8, 2021
Cross-site Scripting in LibreNMS Moderate
CVE-2021-31274 was published for librenms/librenms (Composer) Sep 9, 2021
Cross-site scripting in ICEcoder Moderate
CVE-2021-32106 was published for icecoder/icecoder (Composer) Sep 9, 2021
Observable Response Discrepancy in Lost Password Service Moderate
CVE-2021-39189 was published for pimcore/pimcore (Composer) Sep 20, 2021
Cross-site Scripting in yourls Moderate
CVE-2021-3785 was published for yourls/yourls (Composer) Sep 20, 2021
Cross-site Scripting in yourls Moderate
CVE-2021-3783 was published for yourls/yourls (Composer) Sep 20, 2021
File reference keys leads to incorrect hashes on HMAC algorithms Moderate
CVE-2021-41106 was published for lcobucci/jwt (Composer) Sep 29, 2021
arokettu
Cross-Site Request Forgery in firefly-iii Moderate
CVE-2021-3819 was published for grumpydictator/firefly-iii (Composer) Sep 29, 2021
Reliance on Cookies without Validation and Integrity Checking in getgrav/grav Moderate
CVE-2021-3818 was published for getgrav/grav (Composer) Sep 29, 2021
Cross-site Scripting in GilaCMS Moderate
CVE-2020-20695 was published for gilacms/gila (Composer) Sep 30, 2021
Cross-site Scripting in GilaCMS Moderate
CVE-2020-20696 was published for gilacms/gila (Composer) Sep 30, 2021
Cross-site Scripting in LaraCMS Moderate
CVE-2020-20129 was published for wanglelecc/laracms (Composer) Oct 4, 2021
Cross-site scripting in application/controllers/dropbox.php in JustWriting Moderate
CVE-2021-41467 was published for hjue/justwriting (Composer) Oct 4, 2021
Cross-site scripting in demos/demo.mysqli.php in getID3 Moderate
CVE-2021-40926 was published for james-heinrich/getid3 (Composer) Oct 4, 2021
HTTP Host Header Injection Moderate
CVE-2021-41114 was published for typo3/cms (Composer) Oct 5, 2021
bnf
Stored XSS with custom URLs in PrestaShop module ps_linklist Moderate
CVE-2020-5273 was published for prestashop/ps_linklist (Composer) Oct 12, 2021
Improper Certificate Validation in Heartland & Global Payments PHP SDK Moderate
CVE-2019-20455 was published for globalpayments/php-sdk (Composer) Oct 12, 2021
Cross-site Scripting in Limesurvey Moderate
CVE-2021-42112 was published for limesurvey/limesurvey (Composer) Oct 12, 2021
Cross-site Scripting in SilverStripe Framework Moderate
CVE-2021-36150 was published for silverstripe/admin (Composer) Oct 12, 2021
SilverStripe GraphQL Server permission checker not inherited by query subclass. Moderate
CVE-2021-28661 was published for silverstripe/graphql (Composer) Oct 12, 2021
Cross-site Scripting in snipe-it Moderate
CVE-2021-3879 was published for snipe/snipe-it (Composer) Oct 21, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database