Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,651
Maven
5,000+
npm
4,279
NuGet
760
pip
4,066
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,328 advisories

Loading
Improper Encoding or Escaping of Output in Asset Metadata Component High
CVE-2021-39170 was published for pimcore/pimcore (Composer) Sep 1, 2021
CSV Injection Vulnerability High
CVE-2021-41824 was published for craftcms/cms (Composer) Oct 18, 2021
Cross-Site Request Forgery in GilaCMS High
CVE-2020-20693 was published for gilacms/gila (Composer) Sep 30, 2021
Cross-Site Scripting via SVG media files High
CVE-2021-37710 was published for shopware/core (Composer) Aug 23, 2021
Insecure Inherited Permissions in neoan3-apps/template High
CVE-2021-41170 was published for neoan3-apps/template (Composer) Nov 10, 2021
Command Injection in RaspAP 2.6.6 High
CVE-2021-38556 was published for billz/raspap-webgui (Composer) Sep 2, 2021
raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. High
CVE-2021-38557 was published for billz/raspap-webgui (Composer) Sep 2, 2021
bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type High
CVE-2021-3915 was published for ssddanbrown/bookstack (Composer) Nov 15, 2021
Improper Resource Shutdown or Release in TYPO3 extension High
CVE-2021-38623 was published for webcoast/deferred-image-processing (Composer) Aug 30, 2021
Data Flow Sanitation Issue Fix High
CVE-2021-32759 was published for openmage/magento-lts (Composer) Aug 30, 2021
OS Command Injection in Centreon High
CVE-2020-22345 was published for centreon/centreon (Composer) Sep 2, 2021
Cross-site Scripting in snipe/snipe-it High
CVE-2021-3961 was published for snipe/snipe-it (Composer) Nov 23, 2021
Arbitrary Code Execution in feehi/cms High
CVE-2020-21322 was published for feehi/cms (Composer) Sep 20, 2021
BuddyPress privilege escalation via REST API High
CVE-2021-21389 was published for buddypress/buddypress (Composer) Oct 6, 2021
Server-Side Request Forgery vulnerability in concrete5 High
CVE-2021-22958 was published for concrete5/concrete5 (Composer) Oct 12, 2021
Cross-site scripting vulnerability in file upload High
CVE-2021-39136 was published for baserproject/basercms (Composer) Aug 30, 2021
Unauthenticated SQL Injection in Cachet High
CVE-2021-39165 was published for cachethq/cachet (Composer) Aug 30, 2021
phith0n
Credited to phith0n
Use of Insufficiently Random Values in yiisoft/yii2-dev High
CVE-2021-3689 was published for yiisoft/yii2-dev (Composer) Sep 1, 2021
Malicious password-reset in Akaunting High
CVE-2021-36804 was published for akaunting/akaunting (Composer) Sep 1, 2021
Unrestricted access to predictable file paths in hov/jobfair High
CVE-2021-43564 was published for hov/jobfair (Composer) Nov 15, 2021
Origin Validation Error in Magento 2 High
CVE-2020-8818 was published for cardgate/magento2 (Composer) Oct 12, 2021
Path traversal in grav High
CVE-2021-3924 was published for getgrav/grav (Composer) Nov 10, 2021
Potential Zip Slip Vulnerability in baserCMS High
CVE-2021-41279 was published for baserproject/basercms (Composer) Dec 1, 2021
kimai2 is vulnerable to Cross-site Scripting High
CVE-2021-3985 was published for kevinpapst/kimai2 (Composer) Dec 3, 2021
Information exposure in elgg High
CVE-2021-3980 was published for elgg/elgg (Composer) Dec 16, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database