GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,781 advisories
XSS via uploaded gpx file
Moderate | CVE-2022-38147 was published for silverstripe/assets (Composer) | Nov 21, 2022

Cross-site Scripting in Backdrop CMS
Moderate | CVE-2022-42095 was published for backdrop/backdrop (Composer) | Nov 23, 2022

Cross-site scripting (XSS) vulnerability in CakePHP
Moderate | CVE-2006-4067 was published for cakephp/cakephp (Composer) | May 1, 2022

Cross-site Scripting in FacturaScripts
Moderate | CVE-2022-1988 was published for facturascripts/facturascripts (Composer) | Jun 4, 2022

livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate | CVE-2021-4123 was published for remdex/livehelperchat (Composer) | Dec 17, 2021

yetiforcecrm is vulnerable to Cross-site Scripting
Moderate | CVE-2021-4121 was published for yetiforce/yetiforce-crm (Composer) | Dec 17, 2021

yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate | CVE-2021-4092 was published for yetiforce/yetiforce-crm (Composer) | Dec 16, 2021

pimcore is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate | CVE-2021-4082 was published for pimcore/pimcore (Composer) | Dec 16, 2021

pimcore is vulnerable to Cross-site Scripting
Moderate | CVE-2021-4081 was published for pimcore/pimcore (Composer) | Dec 16, 2021

Cross site scripting in remdex/livehelperchat
Moderate | CVE-2021-4050 was published for remdex/livehelperchat (Composer) | Dec 10, 2021

Cross-site Scripting in Anchor CMS
Moderate | CVE-2021-44116 was published for anchorcms/anchor-cms (Composer) | Jan 5, 2022

yetiforcecrm is vulnerable to Cross-site Scripting
Moderate | CVE-2021-4107 was published for yetiforce/yetiforce-crm (Composer) | Dec 16, 2021

yetiforcecrm is vulnerable to Cross-site Scripting
Moderate | CVE-2021-4116 was published for yetiforce/yetiforce-crm (Composer) | Dec 16, 2021

Cross-site Scripting in pimcore
Moderate | CVE-2021-4084 was published for pimcore/pimcore (Composer) | Dec 16, 2021

phpservermon is vulnerable to CRLF Injection
Moderate | CVE-2021-4097 was published for phpservermon/phpservermon (Composer) | Dec 16, 2021

Cross-Site Request Forgery in kimai2
Moderate | CVE-2021-4033 was published for kevinpapst/kimai2 (Composer) | Dec 10, 2021

snipe-it is vulnerable to Cross-site Scripting
Moderate | CVE-2021-4108 was published for snipe/snipe-it (Composer) | Dec 16, 2021

Open Redirect in showdoc
Moderate | CVE-2021-4000 was published for showdoc/showdoc (Composer) | Dec 16, 2021

showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Moderate | CVE-2021-3990 was published for showdoc/showdoc (Composer) | Dec 3, 2021

Cross-site Scripting in kimai2
Moderate | CVE-2021-3983 was published for kevinpapst/kimai2 (Composer) | Dec 3, 2021

showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate | CVE-2021-3993 was published for showdoc/showdoc (Composer) | Dec 3, 2021

Cross Site Request Forgery in firefly-iii
Moderate | CVE-2021-4005 was published for grumpydictator/firefly-iii (Composer) | Dec 10, 2021

yikes-inc-easy-mailchimp-extender Cross-site Scripting vulnerability
Moderate | CVE-2021-4244 was published for yikesinc/yikes-inc-easy-mailchimp-extender (Composer) | Dec 12, 2022

Server-Side Request Forgery in Concrete CMS
Moderate | CVE-2021-22970 was published for concrete5/core (Composer) | Nov 23, 2021

The disqualify lead action may be executed without CSRF token check
Moderate | CVE-2021-39198 was published for oro/crm (Composer) | Nov 19, 2021
ProTip! Advisories are also available from the GraphQL API.