Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

211 advisories

Loading
Generation of fake documents via public GET-call Low
GHSA-jvg4-9rc2-wvcr was published for shopware/platform (Composer) Feb 10, 2021
Creation of order credits was not validated by acl in admin orders Low
GHSA-g7w8-pp9w-7p32 was published for shopware/core (Composer) Jun 28, 2021
User enumeration in authentication mechanisms Low
GHSA-g2qj-pmxm-9f8f was published for symfony/security-http (Composer) May 17, 2021
User enumeration in authentication mechanisms Low
GHSA-2frx-j9hj-6c65 was published for lexik/jwt-authentication-bundle (Composer) May 17, 2021
mbrodala chalasr
Inability to de-op players if listed in ops.txt with non-lowercase letters Low
GHSA-j5qg-w9jg-3wg3 was published for pocketmine/pocketmine-mp (Composer) Dec 16, 2021
XSS Injection Vulnerability Low
GHSA-wf98-vxv9-jqfv was published for craftcms/cms (Composer) Apr 5, 2022
personnummer/php vulnerable to Improper Input Validation Low
GHSA-2p6g-gjp8-ggg9 was published for personnummer/personnummer (Composer) Sep 9, 2020
Shopware has Insufficient Session Expiration in Administration Low
CVE-2023-22732 was published for shopware/core (Composer) Jan 20, 2023
Shopware's log module vulnerable to Improper Output Neutralization Low
CVE-2023-22733 was published for shopware/core (Composer) Jan 20, 2023
Upload whitelisted files to any directory in OctoberCMS Low
CVE-2020-5297 was published for october/cms (Composer) Jun 3, 2020
staz0t
Cross-Site Request Forgery in YOURLS Low
CVE-2022-0088 was published for yourls/yourls (Composer) Apr 4, 2022
Failed payment recorded has completed in Silverstripe Omnipay Low
CVE-2022-29254 was published for silverstripe/silverstripe-omnipay (Composer) Jun 6, 2022
Cross site scripting in Concrete CMS Low
CVE-2022-30120 was published for concrete5/core (Composer) Jun 25, 2022
Any Flarum user including unactivated can reply in public discussions whose first post was permanently deleted Low
CVE-2023-22489 was published for flarum/core (Composer) Jan 10, 2023
clarkwinkelmann
Stored XSS in October Low
CVE-2020-11083 was published for october/backend (Composer) Aug 5, 2020
staz0t
Blind SQL injection in PrestaShop productcomments module Low
CVE-2020-26248 was published for prestashop/productcomments (Composer) Jan 20, 2021
0xfadam
Privilege escalation by backend users assigned to the default "Publisher" system role Low
CVE-2020-15248 was published for october/backend (Composer) Nov 23, 2020
Potential Host Header Poisoning on misconfigured servers Low
CVE-2021-21265 was published for october/backend (Composer) Mar 10, 2021
Improper Input Validation in Firefly III Low
CVE-2019-14671 was published for grumpydictator/firefly-iii (Composer) Sep 8, 2021
Croos-site scripting in Croogo Low
CVE-2019-20789 was published for croogo/croogo (Composer) Jun 22, 2021
bookstack is vulnerable to Cross-Site Request Forgery (CSRF) Low
CVE-2021-3944 was published for ssddanbrown/bookstack (Composer) Dec 3, 2021
Cross-Site Request Forgery in firefly-iii Low
CVE-2021-3901 was published for grumpydictator/firefly-iii (Composer) Oct 28, 2021
Cross-Site Request Forgery in remdex/livehelperchat Low
CVE-2021-4049 was published for remdex/livehelperchat (Composer) Dec 10, 2021
Insufficient Session Expiration in shopware Low
CVE-2022-21652 was published for shopware/shopware (Composer) Jan 6, 2022
Business Logic Errors in microweber Low
CVE-2022-0688 was published for microweber/microweber (Composer) Feb 21, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database