Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,356 advisories

Loading
vrana/adminer vulnerable to SSRF by connecting to privileged ports Moderate
CVE-2018-7667 was published for vrana/adminer (Composer) Feb 11, 2021
SecGus
XSS in Adminer Moderate
GHSA-m56g-3g8v-2rxw was published for vrana/adminer (Composer) Feb 11, 2021 withdrawn
emilwareus
vrana/adminer via XSS in the history parameter in SQL command Moderate
CVE-2020-35572 was published for vrana/adminer (Composer) Feb 11, 2021
XSS in Flarum Sticky extension Moderate
CVE-2021-21283 was published for flarum/sticky (Composer) Jan 29, 2021
Users can edit the tags of any discussion Moderate
GHSA-32wx-4gxx-h48f was published for flarum/tags (Composer) Jan 29, 2021
LianSheng197 SychO9
CSV Injection vulnerability with exported contact lists in Mautic Moderate
CVE-2018-8092 was published for mautic/core (Composer) Jan 19, 2021
XSS vulnerability in company name field in Mautic Moderate
CVE-2018-11200 was published for mautic/core (Composer) Jan 19, 2021
joanbono alanhartless
Inline JS XSS vulnerability in Mautic Moderate
CVE-2017-1000488 was published for mautic/core (Composer) Jan 19, 2021
alanhartless
XSS vulnerability in theme config file in Mautic Moderate
CVE-2018-8071 was published for mautic/core (Composer) Jan 19, 2021
XSS vulnerability in Author URL of themes in Mautic Moderate
CVE-2018-11198 was published for mautic/core (Composer) Jan 19, 2021
joanbono
Mautic users able to download any files from server using filemanager Moderate
CVE-2017-1000490 was published for mautic/core (Composer) Jan 19, 2021
Kirby .dev domains and some reverse proxy setups were treated as local Moderate
CVE-2020-26253 was published for getkirby/cms (Composer) Jan 14, 2021
Cross-site scripting vulnerability in TinyMCE Moderate
CVE-2024-21911 was published for TinyMCE (Composer) Jan 6, 2021
emilwareus
Cross-Site Scripting in Fluid view helpers Moderate
CVE-2020-26227 was published for typo3/cms (Composer) Dec 21, 2020
ohader
Cross-Site Scripting in Grav Moderate
GHSA-cvmr-6428-87w9 was published for getgrav/grav (Composer) Dec 10, 2020
ShrubberyRubbery
Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5 Moderate
CVE-2020-26255 was published for getkirby/cms (Composer) Dec 8, 2020
Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled. Moderate
CVE-2020-15247 was published for october/cms (Composer) Nov 23, 2020
ka1n4t
Reflected XSS with parameters in PostComment Moderate
CVE-2020-26225 was published for prestashop/productcomments (Composer) Nov 16, 2020
my3ker
Authenticated XML External Entity Processing Moderate
GHSA-8xv9-qcr9-ww9j was published for shopware/core (Composer) Oct 19, 2020
dahua966
Ability to switch customer email address on account detail page and stay verified Moderate
CVE-2020-15245 was published for sylius/sylius (Composer) Oct 19, 2020
decemvre
XSS vulnerability when listing users on add & modify server pages. Moderate
GHSA-5822-pw57-vv37 was published for pterodactyl/panel (Composer) Oct 8, 2020
sergejostir
Cross-Site Scripting in ternary conditional operator Moderate
CVE-2020-15241 was published for typo3/cms (Composer) Oct 8, 2020
billdagou NamelessCoder
Contao Insert tag injection in forms Moderate
CVE-2020-25768 was published for contao/contao (Composer) Sep 24, 2020
Information Disclosure in TYPO3 extension sf_event_mgt Moderate
CVE-2020-25026 was published for derhansen/sf_event_mgt (Composer) Sep 2, 2020
derhansen
Reset Password / Login vulnerability in Sulu Moderate
CVE-2020-15132 was published for sulu/sulu (Composer) Aug 5, 2020
Synacktiv-contrib TomKeur
Prokyonn
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database