GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
2,284 advisories
Filter by severity
Reliance on Cookies without validation in OctoberCMS
Moderate
CVE-2020-15128
was published
for
october/rain
(Composer)
Aug 5, 2020
Reset Password / Login vulnerability in Sulu
Moderate
CVE-2020-15132
was published
for
sulu/sulu
(Composer)
Aug 5, 2020
Information Disclosure in TYPO3 extension sf_event_mgt
Moderate
CVE-2020-25026
was published
for
derhansen/sf_event_mgt
(Composer)
Sep 2, 2020
Contao Insert tag injection in forms
Moderate
CVE-2020-25768
was published
for
contao/contao
(Composer)
Sep 24, 2020
Cross-Site Scripting in ternary conditional operator
Moderate
CVE-2020-15241
was published
for
typo3/cms
(Composer)
Oct 8, 2020
XSS vulnerability when listing users on add & modify server pages.
Moderate
GHSA-5822-pw57-vv37
was published
for
pterodactyl/panel
(Composer)
Oct 8, 2020
Ability to switch customer email address on account detail page and stay verified
Moderate
CVE-2020-15245
was published
for
sylius/sylius
(Composer)
Oct 19, 2020
Authenticated XML External Entity Processing
Moderate
GHSA-8xv9-qcr9-ww9j
was published
for
shopware/core
(Composer)
Oct 19, 2020
Reflected XSS with parameters in PostComment
Moderate
CVE-2020-26225
was published
for
prestashop/productcomments
(Composer)
Nov 16, 2020
Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled.
Moderate
CVE-2020-15247
was published
for
october/cms
(Composer)
Nov 23, 2020
Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5
Moderate
CVE-2020-26255
was published
for
getkirby/cms
(Composer)
Dec 8, 2020
Cross-Site Scripting in Grav
Moderate
GHSA-cvmr-6428-87w9
was published
for
getgrav/grav
(Composer)
Dec 10, 2020
Cross-Site Scripting in Fluid view helpers
Moderate
CVE-2020-26227
was published
for
typo3/cms
(Composer)
Dec 21, 2020
Cross-site scripting vulnerability in TinyMCE
Moderate
CVE-2024-21911
was published
for
TinyMCE
(Composer)
Jan 6, 2021
Kirby .dev domains and some reverse proxy setups were treated as local
Moderate
CVE-2020-26253
was published
for
getkirby/cms
(Composer)
Jan 14, 2021
Mautic users able to download any files from server using filemanager
Moderate
CVE-2017-1000490
was published
for
mautic/core
(Composer)
Jan 19, 2021
XSS vulnerability in Author URL of themes in Mautic
Moderate
CVE-2018-11198
was published
for
mautic/core
(Composer)
Jan 19, 2021
XSS vulnerability in theme config file in Mautic
Moderate
CVE-2018-8071
was published
for
mautic/core
(Composer)
Jan 19, 2021
Inline JS XSS vulnerability in Mautic
Moderate
CVE-2017-1000488
was published
for
mautic/core
(Composer)
Jan 19, 2021
XSS vulnerability in company name field in Mautic
Moderate
CVE-2018-11200
was published
for
mautic/core
(Composer)
Jan 19, 2021
CSV Injection vulnerability with exported contact lists in Mautic
Moderate
CVE-2018-8092
was published
for
mautic/core
(Composer)
Jan 19, 2021
Users can edit the tags of any discussion
Moderate
GHSA-32wx-4gxx-h48f
was published
for
flarum/tags
(Composer)
Jan 29, 2021
XSS in Flarum Sticky extension
Moderate
CVE-2021-21283
was published
for
flarum/sticky
(Composer)
Jan 29, 2021
vrana/adminer via XSS in the history parameter in SQL command
Moderate
CVE-2020-35572
was published
for
vrana/adminer
(Composer)
Feb 11, 2021
XSS in Adminer
Moderate
GHSA-m56g-3g8v-2rxw
was published
for
vrana/adminer
(Composer)
Feb 11, 2021
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API