GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,781 advisories

phpMyAdmin extension for TYPO3 has Cross-site Scripting vulnerability Moderate
CVE-2008-3032 was published for mehrwert/phpmyadmin (Composer) May 1, 2022
TYPO3 Unrestricted File Upload vulnerability Moderate
CVE-2008-2717 was published for typo3/cms-core (Composer) May 1, 2022
Moodle vulnerable to Cross-site scripting Moderate
CVE-2008-1502 was published for moodle/moodle (Composer) May 1, 2022
Joomla! vulnerable to CRLF injection Moderate
CVE-2007-4190 was published for joomla/application (Composer) May 1, 2022
HTML Purifier Cross-site Scripting vulnerability Moderate
CVE-2007-3498 was published for ezyang/htmlpurifier (Composer) May 1, 2022
Rudloff
CakePHP directory traversal vulnerability allows remote attackers to read arbitrary files Moderate
CVE-2006-5031 was published for cakephp/cakephp (Composer) May 1, 2022
ravage84
Moodle does not properly validate module instance id Moderate
CVE-2006-4936 was published for moodle/moodle (Composer) May 1, 2022
Cross-site scripting (XSS) vulnerability in CakePHP Moderate
CVE-2006-4067 was published for cakephp/cakephp (Composer) May 1, 2022
ravage84
phpSysInfo allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence Moderate
CVE-2006-3360 was published for phpsysinfo/phpsysinfo (Composer) May 1, 2022
phpMyAdmin CRLF Injection Vulnerability Moderate
CVE-2005-3621 was published for phpmyadmin/phpmyadmin (Composer) May 1, 2022
An attacker can execute malicious javascript in Live Helper Chat Moderate
CVE-2022-1530 was published for remdex/livehelperchat (Composer) Apr 30, 2022
Subrion CMS Cross-site Scripting (XSS) vulnerability in the `contact us` plugin Moderate
CVE-2021-41948 was published for intelliants/subrion (Composer) Apr 30, 2022
attritionorg
Improper Authentication in moodle Moderate
CVE-2022-0985 was published for moodle/moodle (Composer) Apr 30, 2022
Missing authorization in Moodle Moderate
CVE-2022-0984 was published for moodle/moodle (Composer) Apr 30, 2022
Improper Access Control in snipe/snipe-it Moderate
CVE-2022-1511 was published for snipe/snipe-it (Composer) Apr 29, 2022
Multiple valid tokens for password reset in Shopware Moderate
CVE-2022-24892 was published for shopware/shopware (Composer) Apr 28, 2022
Reflected Cross-site Scripting in Shopware storefront Moderate
CVE-2022-24873 was published for shopware/shopware (Composer) Apr 28, 2022
Cross-site Scripting in microweber Moderate
CVE-2022-1504 was published for microweber/microweber (Composer) Apr 28, 2022
Stored cross site scripting in getgrav/grav Moderate
CVE-2022-1173 was published for getgrav/grav (Composer) Apr 27, 2022
Stored cross-site scripting in Snipe-IT Moderate
CVE-2022-1445 was published for snipe/snipe-it (Composer) Apr 25, 2022
PrestaShop XSS Vulnerability Moderate
CVE-2012-20001 was published for prestashop/prestashop (Composer) Apr 23, 2022
Moodle included private user files in course backups Moderate
CVE-2012-1159 was published for moodle/moodle (Composer) Apr 23, 2022
Moodle default permissions too permissive Moderate
CVE-2012-1157 was published for moodle/moodle (Composer) Apr 23, 2022
Cross-site Scripting in Microweber Moderate
CVE-2022-1439 was published for microweber/microweber (Composer) Apr 23, 2022
bbPress Cross-site Scripting (XSS) vulnerability Moderate
CVE-2011-1150 was published for bbpress/bbpress (Composer) Apr 22, 2022
ProTip! Advisories are also available from the GraphQL API