GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
5,692 advisories
XSS in richtext custom tag attributes in ezsystems/ezplatform-richtext
Severity: Moderate. GHSA-9jp8-cwwx-p64q was published for ezsystems/ezplatform-admin-ui (Composer) on Dec 1, 2021.

CSV injection in Craft CMS
Severity: High. GHSA-xrpj-f9v6-2332 was published for craftcms/cms (Composer) on Oct 4, 2021 (withdrawn).

Inability to de-op players if listed in ops.txt with non-lowercase letters
Severity: Low. GHSA-j5qg-w9jg-3wg3 was published for pocketmine/pocketmine-mp (Composer) on Dec 16, 2021.

Webcache Poisoning in shopware/platform and shopware/core
Severity: Critical. GHSA-r64m-qchj-hrjp was published for shopware/core (Composer) on Nov 24, 2021.

TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
Severity: Moderate. GHSA-gqqf-g5r7-84vf was published for typo3/cms-core (Composer) on Sep 15, 2022.

Uncapped length of skin data fields submitted by players
Severity: High. GHSA-c6fg-99pr-25m9 was published for pocketmine/pocketmine-mp (Composer) on Jan 6, 2022.

XSS vulnerability in translations
Severity: Moderate. GHSA-rrgw-3hg3-9x8c was published for oro/platform (Composer) on Jan 12, 2022.

Book page text, count, and author/title length is not limited in PocketMine-MP
Severity: Moderate. GHSA-p62j-hrxm-xcxf was published for pocketmine/pocketmine-mp (Composer) on Jan 6, 2022.

IBX-1392: Image filenames sanitization
Severity: High. GHSA-44m4-9cjp-j587 was published for ezsystems/ezpublish-kernel (Composer) on Jan 21, 2022.

Insufficient Session Expiration in Pterodactyl API
Severity: Moderate. GHSA-7v3x-h7r2-34jv was published for pterodactyl/panel (Composer) on Jan 21, 2022.

Impersonation of other users (passing XBOX Live authentication) by theft of logins in PocketMine-MP
Severity: Moderate. GHSA-h79x-98r2-g6qc was published for pocketmine/pocketmine-mp (Composer) on Jan 21, 2022.

Access of Resource Using Incompatible Type ('Type Confusion') in yourls/yourls
Severity: Critical. CVE-2019-14537 was published for yourls/yourls (Composer) on Sep 23, 2019.

Improper regex in htaccess file
Severity: Moderate. CVE-2022-25769 was published for mautic/core (Composer) on Mar 1, 2022.

Arbitrary shell execution
Severity: High. GHSA-3988-h75v-hwf6 was published for squizlabs/php_codesniffer (Composer) on Mar 26, 2022.

Possibility for Denial of Service by overwriting PHP files with language exports
Severity: Moderate. GHSA-3fvf-2gp4-89wq was published for barryvdh/laravel-translation-manager (Composer) on Mar 18, 2022.

Object injection in cookie driver in phpfastcache
Severity: Moderate. CVE-2019-16774 was published for phpfastcache/phpfastcache (Composer) on Dec 12, 2019.

Arbitrary shell execution
Severity: High. GHSA-mhfv-8rc9-w38c was published for squizlabs/php_codesniffer (Composer) on Mar 26, 2022.

XSS Injection Vulnerability
Severity: Low. GHSA-wf98-vxv9-jqfv was published for craftcms/cms (Composer) on Apr 5, 2022.

Improper Certificate Validation in node-sass affects eZ Platform
Severity: Moderate. GHSA-6v6p-g8cg-2hgg was published for ezsystems/ezplatform-admin-ui (Composer) on Apr 1, 2022.

Automatic named constructor discovery in Valinor
Severity: High. GHSA-xhr8-mpwq-2rr2 was published for cuyz/valinor (Composer) on Apr 1, 2022.

Buffer length underflow in LoginPacket causing unchecked exceptions to be thrown
Severity: High. GHSA-5jfw-35xp-5m42 was published for pocketmine/bedrock-protocol (Composer) on Apr 5, 2022.

Login timing attack in ibexa/core
Severity: Critical. GHSA-2x4v-g8cx-jxrq was published for ibexa/core (Composer) on Jun 2, 2022.

Login timing attack in ezsystems/ezplatform-kernel
Severity: Critical. GHSA-342c-vcff-2ff2 was published for ezsystems/ezplatform-kernel (Composer) on Jun 2, 2022.

XSS in various backend modules due to (un)escaping in JS notification module
Severity: Moderate. GHSA-jfxf-4frr-9j3q was published for neos/neos (Composer) on May 25, 2022.

Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5
Severity: Moderate. CVE-2020-26255 was published for getkirby/cms (Composer) on Dec 8, 2020.

ProTip! Advisories are also available from the GraphQL API.