GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,781 advisories
Improper Access Control in wp-graphql
Moderate
CVE-2019-25060 was published for wp-graphql/wp-graphql (Composer) on May 10, 2022
Unrestricted Upload of File with Dangerous Type in yetiforce-crm
Moderate
CVE-2022-1411 was published for yetiforce/yetiforce-crm (Composer) on May 6, 2022
PrestaShop Stored Cross-Site Scripting Vulnerability
Moderate
CVE-2013-4791 was published for prestashop/prestashop (Composer) on May 5, 2022
Symfony Host Header Injection vulnerability in the HttpFoundation component
Moderate
CVE-2013-4752 was published for symfony/http-foundation (Composer) on May 5, 2022
Microweber vulnerable to cross-site scripting (XSS)
Moderate
CVE-2022-1555 was published for microweber/microweber (Composer) on May 5, 2022
Cross-site Scripting in FacturaScripts
Moderate
CVE-2022-1571 was published for facturascripts/facturascripts (Composer) on May 5, 2022
MantisBT vulnerable to XSS via unescaped output in browser_search_plugin.php
Moderate
CVE-2022-28508 was published for mantisbt/mantisbt (Composer) on May 5, 2022
Cross-site Scripting in Microweber
Moderate
CVE-2022-1584 was published for microweber/microweber (Composer) on May 5, 2022
SCart is vulnerable to cross-site scripting (XSS)
Moderate
CVE-2022-21149 was published for s-cart/core (Composer) on May 3, 2022
Smarty Does Not Consider Umask Values When Setting Permissions
Moderate
CVE-2009-5054 was published for smarty/smarty (Composer) on May 2, 2022
TYPO3 Simple Download-System with Counter and Categories Vulnerable to Information Disclosure
Moderate
CVE-2009-4160 was published for jweiland/kk-downloader (Composer) on May 2, 2022
Apache Solr Search for TYPO3 vulnerable to Cross-site Scripting
Moderate
CVE-2009-3821 was published for apache-solr-for-typo3/solr (Composer) on May 2, 2022
freeCap CAPTCHA extension for TYPO3 has vulnerability in the session handling feature
Moderate
CVE-2009-3818 was published for sjbr/sr-freecap (Composer) on May 2, 2022
phpMyAdmin Cross-site Scripting In MySQL Table Name
Moderate
CVE-2009-3696 was published for phpmyadmin/phpmyadmin (Composer) on May 2, 2022
TYPO3 API function vulnerable to Cross-site Scripting
Moderate
CVE-2009-3633 was published for typo3/cms-core (Composer) on May 2, 2022
Typo3 API Install Tool vulnerable to Cross-site Scripting
Moderate
CVE-2009-3636 was published for typo3/cms-install (Composer) on May 2, 2022
TYPO3 Install Tool Subcomponent Allows Access Using Only a Password's MD5 Hash as a Credential
Moderate
CVE-2009-3635 was published for typo3/cms (Composer) on May 2, 2022
TYPO3 Backend Discloses Encryption Key
Moderate
CVE-2009-3628 was published for typo3/cms-backend (Composer) on May 2, 2022
TYPO3 Backend vulnerable to Frame Hijacking
Moderate
CVE-2009-3630 was published for typo3/cms-backend (Composer) on May 2, 2022
Typo3 Backend XSS Vulnerability
Moderate
CVE-2009-0816 was published for typo3/cms (Composer) on May 2, 2022
TYPO3 leaks a hash secret in an error message
Moderate
CVE-2009-0815 was published for typo3/cms (Composer) on May 2, 2022
Joomla! Open Redirect vulnerability
Moderate
CVE-2008-4104 was published for joomla/framework (Composer) on May 2, 2022
Joomla! doesn't configure .htaccess to apply certain security checks that "block common exploits" to SEF URLs
Moderate
CVE-2008-3228 was published for joomla/joomla-platform (Composer) on May 1, 2022
Joomla! allows attackers to access cached pages
Moderate
CVE-2008-3226 was published for joomla/joomla-platform (Composer) on May 1, 2022
Drupal vulnerable to Cross-site Scripting
Moderate
CVE-2008-3218 was published for drupal/drupal (Composer) on May 1, 2022
ProTip! Advisories are also available from the GraphQL API