GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
2,284 advisories
Filter by severity
Cross-site scripting in phpoffice/phpspreadsheet
Moderate
CVE-2020-7776
was published
for
phpoffice/phpspreadsheet
(Composer)
May 6, 2021
"Cross-site scripting in ThinkAdmin"
Moderate
CVE-2020-29315
was published
for
zoujingli/thinkadmin
(Composer)
May 6, 2021
Cross-site Scripting in OpenCart
Moderate
CVE-2020-10596
was published
for
opencart/opencart
(Composer)
May 6, 2021
Cross-Site Request Forgery in MAGMI
Moderate
CVE-2020-5776
was published
for
dweeves/magmi
(Composer)
May 6, 2021
Reflected cross-site scripting in francoisjacquet/rosariosis
Moderate
CVE-2020-13278
was published
for
francoisjacquet/rosariosis
(Composer)
May 6, 2021
Prevent user enumeration using Guard or the new Authenticator-based Security
Moderate
CVE-2021-21424
was published
for
lexik/jwt-authentication-bundle
(Composer)
May 13, 2021
Authenticated Stored XSS in Administration
Moderate
GHSA-f6p7-8xfw-fjqq
was published
for
shopware/shopware
(Composer)
May 21, 2021
Information leakage in Error Handler
Moderate
GHSA-9vxv-wpv4-f52p
was published
for
shopware/shopware
(Composer)
May 21, 2021
Server-Side Request Forgery in yoast_seo
Moderate
CVE-2021-31779
was published
for
yoast-seo-for-typo3/yoast_seo
(Composer)
May 21, 2021
Denial of service in direct_mail
Moderate
CVE-2020-12697
was published
for
directmailteam/direct-mail
(Composer)
May 24, 2021
Open redirect in direct_mail
Moderate
CVE-2020-12699
was published
for
directmailteam/direct-mail
(Composer)
May 24, 2021
Cross-site Scripting (XSS) in baserCMS
Moderate
CVE-2021-20681
was published
for
baserproject/basercms
(Composer)
Jun 8, 2021
Cross-site Scripting (XSS) in baserCMS
Moderate
CVE-2021-20683
was published
for
baserproject/basercms
(Composer)
Jun 8, 2021
reflected XSS in tribalsystems/zenario
Moderate
CVE-2021-27673
was published
for
tribalsystems/zenario
(Composer)
Jun 8, 2021
Cross-site scripting in media2click
Moderate
CVE-2021-31778
was published
for
amazing/media2click
(Composer)
Jun 8, 2021
SQL Injection in tribalsystems/zenario
Moderate
CVE-2021-27672
was published
for
tribalsystems/zenario
(Composer)
Jun 8, 2021
Predictable CSRF tokens in centreon/centreon
Moderate
CVE-2021-28055
was published
for
centreon/centreon
(Composer)
Jun 8, 2021
Cross-site scripting in Centreon
Moderate
CVE-2021-27676
was published
for
centreon/centreon
(Composer)
Jun 8, 2021
Authentication bypass in SilverStripe GraphQL
Moderate
CVE-2020-26136
was published
for
silverstripe/graphql
(Composer)
Jun 10, 2021
Authentication granted to all firewalls instead of just one
Moderate
CVE-2021-32693
was published
for
symfony/security-http
(Composer)
Jun 21, 2021
ckeditor4 vulnerable to cross-site scripting
Moderate
CVE-2021-33829
was published
for
ckeditor4
(Composer)
Jun 21, 2021
Form validation can be skipped
Moderate
CVE-2021-32697
was published
for
neos/form
(Composer)
Jun 22, 2021
Cross-site scripting in PageKit
Moderate
CVE-2021-32245
was published
for
pagekit/pagekit
(Composer)
Jun 22, 2021
Session Fixation in Subrion CMS
Moderate
CVE-2020-12467
was published
for
intelliants/subrion
(Composer)
Jun 22, 2021
Cross-site Scripting in yii2cmf
Moderate
CVE-2018-10704
was published
for
yidashi/yii2cmf
(Composer)
Jun 22, 2021
ProTip!
Advisories are also available from the
GraphQL API