Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

2,284 advisories

Loading
Cross-site scripting in phpoffice/phpspreadsheet Moderate
CVE-2020-7776 was published for phpoffice/phpspreadsheet (Composer) May 6, 2021
"Cross-site scripting in ThinkAdmin" Moderate
CVE-2020-29315 was published for zoujingli/thinkadmin (Composer) May 6, 2021
Cross-site Scripting in OpenCart Moderate
CVE-2020-10596 was published for opencart/opencart (Composer) May 6, 2021
Cross-Site Request Forgery in MAGMI Moderate
CVE-2020-5776 was published for dweeves/magmi (Composer) May 6, 2021
Reflected cross-site scripting in francoisjacquet/rosariosis Moderate
CVE-2020-13278 was published for francoisjacquet/rosariosis (Composer) May 6, 2021
Prevent user enumeration using Guard or the new Authenticator-based Security Moderate
CVE-2021-21424 was published for lexik/jwt-authentication-bundle (Composer) May 13, 2021
jamesisaac mbrodala
chalasr
Authenticated Stored XSS in Administration Moderate
GHSA-f6p7-8xfw-fjqq was published for shopware/shopware (Composer) May 21, 2021
Information leakage in Error Handler Moderate
GHSA-9vxv-wpv4-f52p was published for shopware/shopware (Composer) May 21, 2021
Server-Side Request Forgery in yoast_seo Moderate
CVE-2021-31779 was published for yoast-seo-for-typo3/yoast_seo (Composer) May 21, 2021
Denial of service in direct_mail Moderate
CVE-2020-12697 was published for directmailteam/direct-mail (Composer) May 24, 2021
Open redirect in direct_mail Moderate
CVE-2020-12699 was published for directmailteam/direct-mail (Composer) May 24, 2021
Cross-site Scripting (XSS) in baserCMS Moderate
CVE-2021-20681 was published for baserproject/basercms (Composer) Jun 8, 2021
Cross-site Scripting (XSS) in baserCMS Moderate
CVE-2021-20683 was published for baserproject/basercms (Composer) Jun 8, 2021
reflected XSS in tribalsystems/zenario Moderate
CVE-2021-27673 was published for tribalsystems/zenario (Composer) Jun 8, 2021
Cross-site scripting in media2click Moderate
CVE-2021-31778 was published for amazing/media2click (Composer) Jun 8, 2021
SQL Injection in tribalsystems/zenario Moderate
CVE-2021-27672 was published for tribalsystems/zenario (Composer) Jun 8, 2021
Predictable CSRF tokens in centreon/centreon Moderate
CVE-2021-28055 was published for centreon/centreon (Composer) Jun 8, 2021
Cross-site scripting in Centreon Moderate
CVE-2021-27676 was published for centreon/centreon (Composer) Jun 8, 2021
Authentication bypass in SilverStripe GraphQL Moderate
CVE-2020-26136 was published for silverstripe/graphql (Composer) Jun 10, 2021
G-Rath
Authentication granted to all firewalls instead of just one Moderate
CVE-2021-32693 was published for symfony/security-http (Composer) Jun 21, 2021
gndk mynameisbogdan
pwarchol Warxcell wouterj adrienlamotte
ckeditor4 vulnerable to cross-site scripting Moderate
CVE-2021-33829 was published for ckeditor4 (Composer) Jun 21, 2021
Form validation can be skipped Moderate
CVE-2021-32697 was published for neos/form (Composer) Jun 22, 2021
anianweber
Cross-site scripting in PageKit Moderate
CVE-2021-32245 was published for pagekit/pagekit (Composer) Jun 22, 2021
Session Fixation in Subrion CMS Moderate
CVE-2020-12467 was published for intelliants/subrion (Composer) Jun 22, 2021
Cross-site Scripting in yii2cmf Moderate
CVE-2018-10704 was published for yidashi/yii2cmf (Composer) Jun 22, 2021
ProTip! Advisories are also available from the GraphQL API