GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
2,284 advisories
Filter by severity
vrana/adminer vulnerable to SSRF by connecting to privileged ports
Moderate
CVE-2018-7667
was published
for
vrana/adminer
(Composer)
Feb 11, 2021
Cross-site scripting (XSS)
Moderate
CVE-2021-28088
was published
for
impresscms/impresscms
(Composer)
Mar 12, 2021
Cross-site scripting (XSS)
Moderate
CVE-2020-17551
was published
for
impresscms/impresscms
(Composer)
Mar 12, 2021
Authenticated remote code execution
Moderate
GHSA-pjj4-jjgc-h3r8
was published
for
shopware/platform
(Composer)
Mar 12, 2021
Open Redirection in Login Handling
Moderate
CVE-2021-21338
was published
for
typo3/cms
(Composer)
Mar 23, 2021
Cleartext storage of session identifier
Moderate
CVE-2021-21339
was published
for
typo3/cms
(Composer)
Mar 23, 2021
Cross-Site Scripting in Content Preview
Moderate
CVE-2021-21340
was published
for
typo3/cms
(Composer)
Mar 23, 2021
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in typo3/cms-form
Moderate
CVE-2021-21358
was published
for
typo3/cms
(Composer)
Mar 23, 2021
Denial of Service in Page Error Handling
Moderate
CVE-2021-21359
was published
for
typo3/cms
(Composer)
Mar 23, 2021
Cross-Site Scripting in Content Preview (CType menu)
Moderate
CVE-2021-21370
was published
for
typo3/cms
(Composer)
Mar 23, 2021
XSS in CreateQueuedJobTask
Moderate
CVE-2021-27938
was published
for
symbiote/silverstripe-queuedjobs
(Composer)
Mar 24, 2021
Path Traversal within joomla/archive zip class
Moderate
CVE-2021-26028
was published
for
joomla/archive
(Composer)
Mar 24, 2021
Stored cross-site scripting in PressBooks
Moderate
CVE-2021-3271
was published
for
pressbooks/pressbooks
(Composer)
Mar 29, 2021
Cross-site scripting (XSS) and Server side request forgery (SSRF) in moodle
Moderate
CVE-2021-20280
was published
for
moodle/moodle
(Composer)
Mar 29, 2021
SQL Injection in moodle
Moderate
CVE-2020-25700
was published
for
moodle/moodle
(Composer)
Mar 29, 2021
Privilage Escalation in moodle
Moderate
CVE-2020-25701
was published
for
moodle/moodle
(Composer)
Mar 29, 2021
Cross-site Scripting (XSS) in moodle
Moderate
CVE-2020-25702
was published
for
moodle/moodle
(Composer)
Mar 29, 2021
Cross site-scripting (XSS) moodle
Moderate
CVE-2020-25628
was published
for
moodle/moodle
(Composer)
Mar 29, 2021
Moodle allowed some users without permission to view other users' full names
Moderate
CVE-2021-20281
was published
for
moodle/moodle
(Composer)
Mar 29, 2021
Mautic vulnerable to secret data exfiltration via symfony parameters
Moderate
CVE-2021-27908
was published
for
mautic/core
(Composer)
Apr 6, 2021
Potential XSS injection in the newsletter conditions field
Moderate
CVE-2021-21418
was published
for
prestashop/ps_emailsubscription
(Composer)
Apr 6, 2021
Exposure of .env if project root is configured as web root in shopware/production
Moderate
GHSA-3pcr-4982-548m
was published
for
shopware/production
(Composer)
Apr 13, 2021
Cross-Site Scripting in Bootstrap Package
Moderate
CVE-2021-21365
was published
for
bk2k/bootstrap-package
(Composer)
Apr 29, 2021
Bypass of fix for CVE-2020-26231, Twig sandbox escape
Moderate
CVE-2021-21264
was published
for
october/cms
(Composer)
May 4, 2021
OS Command injection in Bolt
Moderate
CVE-2020-28925
was published
for
bolt/bolt
(Composer)
May 6, 2021
ProTip!
Advisories are also available from the
GraphQL API