GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
33 advisories
Zenario CMS is vulnerable to Remote Code Execution (RCE).
Critical. CVE-2022-44136 was published for tribalsystems/zenario (Composer) on Nov 30, 2022

LibreNMS vulnerable to Cross-Site Scripting (XSS)
Moderate. CVE-2022-36745 was published for librenms/librenms (Composer) on Aug 31, 2022

Browsershot does not validate URL protocols passed to Browsershot URL method
High. CVE-2022-41706 was published for spatie/browsershot (Composer) on Nov 25, 2022

Concrete CMS vulnerable to Cross-site Scripting
Moderate. CVE-2022-43688 was published for concrete5/concrete5 (Composer) on Nov 15, 2022

XSS in richtext custom tag attributes in ezsystems/ezplatform-richtext
Moderate. GHSA-fxwm-rx68-p5vx was published for ezsystems/ezplatform-richtext (Composer) on Dec 1, 2021

php-mod/curl allows Cross-site Scripting
Moderate. CVE-2021-30134 was published for php-mod/curl (Composer) on Dec 26, 2022

Unrestricted Uploads in Concrete5
High. CVE-2020-11476 was published for concrete5/concrete5 (Composer) on Nov 3, 2021

Cross-Site Request Forgery in Drupal core
Moderate. CVE-2020-13674 was published for drupal/core (Composer) on Feb 12, 2022

Cross-site scripting (XSS) from field and configuration text displayed in the Panel
High. CVE-2021-32735 was published for getkirby/cms (Composer) on Jul 2, 2021

Cross site scripting in safe-svg
Moderate. CVE-2022-1091 was published for darylldoyle/safe-svg (Composer) on Apr 19, 2022

Concrete CMS vulnerable to Reflected Cross-site Scripting
Moderate. CVE-2022-43692 was published for concrete5/concrete5 (Composer) on Nov 15, 2022

Browsershot version 3.57.3 vulnerable to improper input validation
Moderate. CVE-2022-43984 was published for spatie/browsershot (Composer) on Nov 25, 2022

CakePHP allows remote attackers to spoof their IP
High. CVE-2016-4793 was published for cakephp/cakephp (Composer) on May 14, 2022

Concrete CMS vulnerable to Improper Authentication
Moderate. CVE-2022-43690 was published for concrete5/concrete5 (Composer) on Nov 15, 2022

Login timing attack in ezsystems/ezpublish-kernel
Critical. GHSA-xfqg-p48g-hh94 was published for ezsystems/ezpublish-kernel (Composer) on Jun 2, 2022

Shopware user session is not logged out if the password is reset via password recovery
Low. CVE-2022-24744 was published for shopware/core (Composer) on Mar 10, 2022

Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter)
Critical. CVE-2022-47408 was published for fixpunkt/fp-newsletter (Composer) on Dec 14, 2022

Cachet vulnerable to new line injection during configuration edition
High. CVE-2021-39172 was published for cachethq/cachet (Composer) on Aug 30, 2021

code injection in phpxmlrpc/phpxmlrpc
High. GHSA-3fgr-xjr6-xqm8 was published for phpxmlrpc/phpxmlrpc (Composer) on Nov 28, 2022

Incorrect Authorization in Drupal core
Moderate. CVE-2020-13676 was published for drupal/core (Composer) on Feb 12, 2022

Object state limitation has no effect
Critical. GHSA-5x4f-7xgq-r42x was published for ezsystems/ezpublish-kernel (Composer) on Apr 29, 2022

Exposure of Resource to Wrong Sphere in Drupal Core
High. CVE-2020-13670 was published for drupal/core (Composer) on Feb 12, 2022

Information Disclosure in User Authentication
Moderate. CVE-2021-32767 was published for typo3/cms (Composer) on Jul 26, 2021

Use of a Broken or Risky Cryptographic Algorithm
Low. CVE-2021-27913 was published for mautic/core (Composer) on Sep 1, 2021

Cross-site Scripting in Drupal Core
Moderate. CVE-2020-13668 was published for drupal/core (Composer) on Feb 12, 2022