GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
211 advisories
OpenCart Cross-Site Request Forgery (CSRF)
Low | CVE-2020-28838 was published for opencart/opencart (Composer) | May 24, 2022

Magento Information Disclosure vulnerability
Low | CVE-2021-28566 was published for magento/community-edition (Composer) | May 24, 2022

Failed payment recorded has completed in Silverstripe Omnipay
Low | CVE-2022-29254 was published for silverstripe/silverstripe-omnipay (Composer) | Jun 6, 2022

Cross site scripting in Concrete CMS
Low | CVE-2022-30120 was published for concrete5/core (Composer) | Jun 25, 2022

Byobu user preference to prevent private discussions being started are not respected
Low | CVE-2022-35921 was published for fof/byobu (Composer) | Aug 6, 2022

EC-CUBE Directory traversal vulnerability
Low | CVE-2022-40199 was published for ec-cube/ec-cube (Composer) | Sep 28, 2022

Codeigniter4's Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued
Low | CVE-2022-39284 was published for codeigniter4/framework (Composer) | Oct 6, 2022

Any Flarum user including unactivated can reply in public discussions whose first post was permanently deleted
Low | CVE-2023-22489 was published for flarum/core (Composer) | Jan 10, 2023

Shopware's log module vulnerable to Improper Output Neutralization
Low | CVE-2023-22733 was published for shopware/core (Composer) | Jan 20, 2023

Shopware has Insufficient Session Expiration in Administration
Low | CVE-2023-22732 was published for shopware/core (Composer) | Jan 20, 2023

Timing attack in eZ Platform Ibexa
Low | CVE-2022-48366 was published for ezsystems/ezplatform-kernel (Composer) | Mar 12, 2023

AzuraCast/AzuraCast vulnerable to cross-site scripting
Low | CVE-2023-2191 was published for azuracast/azuracast (Composer) | Apr 20, 2023

Concrete CMS (previously concrete5) is vulnerable to stored XSS in uploaded file and folder names
Low | CVE-2023-28819 was published for concrete5/concrete5 (Composer) | Apr 28, 2023

Stored cross site scripting in RSS displayer
Low | CVE-2023-28820 was published for concrete5/concrete5 (Composer) | Apr 28, 2023

CraftCMS stored XSS in Quick Post widget error message
Low | CVE-2023-33194 was published for craftcms/cms (Composer) | May 26, 2023

Admidio Improper Access Control vulnerability
Low | CVE-2023-3303 was published for admidio/admidio (Composer) | Jun 23, 2023

Winter CMS stored XSS through privileged upload of SVG file
Low | CVE-2023-37269 was published for wintercms/winter (Composer) | Jul 7, 2023

Information Disclosure due to Out-of-scope Site Resolution
Low | CVE-2023-38499 was published for typo3/cms-core (Composer) | Jul 25, 2023

Silverstripe Framework: Members with no password can be created and bypass custom login forms
Low | CVE-2023-32302 was published for silverstripe/framework (Composer) | Jul 31, 2023

Froxlor vulnerable to business logic errors
Low | CVE-2023-4304 was published for froxlor/froxlor (Composer) | Aug 11, 2023

Economizzer Insecure Direct Object Reference vulnerability
Low | CVE-2023-38872 was published for gugoan/economizzer (Composer) | Sep 28, 2023

Download route allows filename change in eZpublish kernel
Low | GHSA-946c-f9w6-2c25 was published for ezsystems/ezpublish-kernel (Composer) | Nov 3, 2023

Ibexa DXP Download route allows filename change
Low | GHSA-g95c-xc83-8353 was published for ibexa/core (Composer) | Nov 3, 2023

Ibexa ezplatform-kernel download route allows filename change
Low | GHSA-gv2c-5g79-h73c was published for ezsystems/ezplatform-kernel (Composer) | Nov 3, 2023

Magnesium-PHP Injection vulnerability
Low | CVE-2017-20187 was published for floriangaerber/magnesium (Composer) | Nov 5, 2023
ProTip! Advisories are also available from the GraphQL API.