Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,866
Erlang
36
GitHub Actions
36
Go
2,491
Maven
5,000+
npm
4,114
NuGet
735
pip
3,934
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,780 advisories

Loading
Open Redirect in firefly-iii Moderate
CVE-2021-3851 was published for grumpydictator/firefly-iii (Composer) Oct 21, 2021
Cross-Site Request Forgery in snipe-it Moderate
CVE-2021-3858 was published for snipe/snipe-it (Composer) Oct 21, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Moodle Moderate
CVE-2020-25703 was published for moodle/moodle (Composer) Oct 21, 2021
Cross-site Scripting in snipe-it Moderate
CVE-2021-3863 was published for snipe/snipe-it (Composer) Oct 21, 2021
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in sulu/sulu Moderate
CVE-2021-41169 was published for sulu/sulu (Composer) Oct 22, 2021
Cross-site scripting vulnerability in TinyMCE Moderate
CVE-2024-21908 was published for TinyMCE (Composer) Oct 22, 2021
Cross-site scripting in forkcms Moderate
CVE-2020-23049 was published for forkcms/forkcms (Composer) Oct 25, 2021
Cross Site Scripting in Microweber Moderate
CVE-2021-33988 was published for microweber/microweber (Composer) Oct 25, 2021
Authenticated Stored XSS in shopware/shopware Moderate
CVE-2021-41188 was published for shopware/shopware (Composer) Oct 27, 2021
Cross-Site Request Forgery in firefly-iii Moderate
CVE-2021-3900 was published for grumpydictator/firefly-iii (Composer) Oct 28, 2021
Cross-Site Scripting in grav Moderate
CVE-2021-3904 was published for getgrav/grav (Composer) Nov 1, 2021
Cross-site scripting vulnerability in TinyMCE plugins Moderate
CVE-2024-21910 was published for TinyMCE (Composer) Nov 2, 2021
Cross-site Scripting in LibreNMS Moderate
CVE-2021-43324 was published for librenms/librenms (Composer) Nov 8, 2021
Cross-site Scripting in pegasus/google-for-jobs Moderate
CVE-2021-43561 was published for pegasus/google-for-jobs (Composer) Nov 15, 2021
showdoc is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-3776 was published for showdoc/showdoc (Composer) Nov 15, 2021
showdoc is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-3683 was published for showdoc/showdoc (Composer) Nov 15, 2021
showdoc is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-3775 was published for showdoc/showdoc (Composer) Nov 15, 2021
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-3921 was published for grumpydictator/firefly-iii (Composer) Nov 15, 2021
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-3931 was published for snipe/snipe-it (Composer) Nov 15, 2021
twill is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-3932 was published for area17/twill (Composer) Nov 15, 2021
Cross-site scripting (XSS) from writer field content in the site frontend Moderate
CVE-2021-41252 was published for getkirby/cms (Composer) Nov 16, 2021
azrultech
Cross-site scripting (XSS) from image block content in the site frontend Moderate
CVE-2021-41258 was published for getkirby/cms (Composer) Nov 16, 2021
azrultech
Withdrawn: Laravel Framework does not sufficiently block the upload of executable PHP content. Moderate
CVE-2021-43617 was published for laravel/framework (Composer) Nov 16, 2021 withdrawn
Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys Moderate
CVE-2021-41273 was published for pterodactyl/panel (Composer) Nov 18, 2021
Haxatron
The disqualify lead action may be executed without CSRF token check Moderate
CVE-2021-39198 was published for oro/crm (Composer) Nov 19, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database