GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,887 advisories

Several Zend Products Vulnerable to XXE and XEE attacks Moderate
CVE-2014-2683 was published for zendframework/zendframework1 (Composer) May 14, 2022
Joomla! vulnerable to CRLF injection Moderate
CVE-2007-4190 was published for joomla/application (Composer) May 1, 2022
showdoc is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-3776 was published for showdoc/showdoc (Composer) Nov 15, 2021
vrana/adminer via XSS in the history parameter in SQL command Moderate
CVE-2020-35572 was published for vrana/adminer (Composer) Feb 11, 2021
vrana/adminer vulnerable to SSRF by connecting to privileged ports Moderate
CVE-2018-7667 was published for vrana/adminer (Composer) Feb 11, 2021
Credited to SecGus
Craft CMS Cross-site Scripting Vulnerability Moderate
CVE-2021-32470 was published for craftcms/cms (Composer) Mar 18, 2022
Craft CMS Cross-site Scripting Vulnerability Moderate
CVE-2021-27902 was published for craftcms/cms (Composer) Jul 2, 2021
Cross-Site Request Forgery in easyii CMS Moderate
CVE-2020-36534 was published for noumo/easyii (Composer) Jun 8, 2022
Subrion CMS Cross-site Scripting Moderate
CVE-2018-14840 was published for intelliants/subrion (Composer) May 14, 2022
Typo3 XSS Vulnerability Moderate
CVE-2018-6905 was published for typo3/cms (Composer) May 14, 2022
Croogo vulnerable to XSS in title field Moderate
CVE-2019-7170 was published for croogo/croogo (Composer) May 14, 2022
Kimai v2 is vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2019-15481 was published for kevinpapst/kimai2 (Composer) May 24, 2022
Credited to jhutchings1
Silverstripe CMS Stored XSS in custom meta tags Moderate
CVE-2022-37421 was published for silverstripe/cms (Composer) Nov 21, 2022
Cross-site Scripting in LibreNMS Moderate
CVE-2021-43324 was published for librenms/librenms (Composer) Nov 8, 2021
Cross-site Scripting in LibreNMS Moderate
CVE-2021-31274 was published for librenms/librenms (Composer) Sep 9, 2021
Cross-site Scripting in LibreNMS Moderate
CVE-2021-44277 was published for librenms/librenms (Composer) Dec 3, 2021
phpMyAdmin CRLF Injection Vulnerability Moderate
CVE-2005-3621 was published for phpmyadmin/phpmyadmin (Composer) May 1, 2022
Dolibarr ERP and CRM contain XSS Vulnerability Moderate
CVE-2017-14241 was published for dolibarr/dolibarr (Composer) May 17, 2022
Centreon XSS Vulnerability Moderate
CVE-2018-19311 was published for centreon/centreon (Composer) May 14, 2022
Magmi XSS Vulnerability Moderate
CVE-2017-7391 was published for dweeves/magmi (Composer) May 17, 2022
Cross-Site Request Forgery in CakePHP Moderate
CVE-2020-15400 was published for cakephp/cakephp (Composer) Feb 10, 2022
Credited to markstory
phpMyAdmin XSS Vulnerability Moderate
CVE-2016-2040 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
Cross-site Scripting in Netgen Tags Bundle Moderate
CVE-2021-45895 was published for netgen/tagsbundle (Composer) Jan 6, 2022
Moodle allowed some users without permission to view other users' full names Moderate
CVE-2021-20281 was published for moodle/moodle (Composer) Mar 29, 2021
phpMyAdmin Open Redirect Moderate
CVE-2017-1000013 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022