GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,968 advisories

Authenticated Stored XSS in Administration Moderate
GHSA-f6p7-8xfw-fjqq was published for shopware/shopware (Composer) May 21, 2021
CKEditor 4 vulnerabilities in versions <4.16.1 Moderate
GHSA-cfcv-q4qq-2ph4 was published for pimcore/pimcore (Composer) Aug 23, 2021
Any storage file can be downloaded from p.sh if full server path is known High
GHSA-gqcf-83rq-gpfr was published for ibexa/post-install (Composer) Sep 14, 2021
Private files publicly accessible with Cloud Storage providers High
GHSA-vrf2-xghr-j52v was published for shopware/core (Composer) Jun 28, 2021
non-admin users can create integration role with administrator role Moderate
GHSA-243q-g9j3-qf6r was published for shopware/core (Composer) Jun 28, 2021
XSS in richtext custom tag attributes in ezsystems/ezplatform-richtext Moderate
GHSA-9jp8-cwwx-p64q was published for ezsystems/ezplatform-admin-ui (Composer) Dec 1, 2021
CSV injection in Craft CMS High
GHSA-xrpj-f9v6-2332 was published for craftcms/cms (Composer) Oct 4, 2021 withdrawn
Inability to de-op players if listed in ops.txt with non-lowercase letters Low
GHSA-j5qg-w9jg-3wg3 was published for pocketmine/pocketmine-mp (Composer) Dec 16, 2021
Webcache Poisoning in shopware/platform and shopware/core Critical
GHSA-r64m-qchj-hrjp was published for shopware/core (Composer) Nov 24, 2021
PocketMine-MP has improperly handled dye colour IDs in banner NBT, leading to server crash High
GHSA-wqqv-jcfr-9f5g was published for pocketmine/pocketmine-mp (Composer) Jan 9, 2023
TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection Moderate
GHSA-gqqf-g5r7-84vf was published for typo3/cms-core (Composer) Sep 15, 2022
Uncapped length of skin data fields submitted by players High
GHSA-c6fg-99pr-25m9 was published for pocketmine/pocketmine-mp (Composer) Jan 6, 2022
XSS vulnerability in translations Moderate
GHSA-rrgw-3hg3-9x8c was published for oro/platform (Composer) Jan 12, 2022
Book page text, count, and author/title length is not limited in PocketMine-MP Moderate
GHSA-p62j-hrxm-xcxf was published for pocketmine/pocketmine-mp (Composer) Jan 6, 2022
Unchecked validity of Facing values in PlayerActionPacket High
GHSA-xh99-hw7h-wf63 was published for pocketmine/pocketmine-mp (Composer) Jan 13, 2022
IBX-1392: Image filenames sanitization High
GHSA-44m4-9cjp-j587 was published for ezsystems/ezpublish-kernel (Composer) Jan 21, 2022
Unhandled exception when decoding form response JSON High
GHSA-wjfq-88q2-r34j was published for pocketmine/pocketmine-mp (Composer) Jan 21, 2022
Insufficient Session Expiration in Pterodactyl API Moderate
GHSA-7v3x-h7r2-34jv was published for pterodactyl/panel (Composer) Jan 21, 2022
EgoMaw
Impersonation of other users (passing XBOX Live authentication) by theft of logins in PocketMine-MP Moderate
GHSA-h79x-98r2-g6qc was published for pocketmine/pocketmine-mp (Composer) Jan 21, 2022
Access of Resource Using Incompatible Type ('Type Confusion') in yourls/yourls Critical
CVE-2019-14537 was published for yourls/yourls (Composer) Sep 23, 2019
Possible SQL injection in tablelookupwizard Contao Extension High
GHSA-v3mr-gp7j-pw5w was published for terminal42/contao-tablelookupwizard (Composer) Feb 10, 2022
Improper regex in htaccess file Moderate
CVE-2022-25769 was published for mautic/core (Composer) Mar 1, 2022
mollux
Improperly checked metadata on tools/armour itemstacks received from the client High
GHSA-46c5-pfj8-fv65 was published for pocketmine/pocketmine-mp (Composer) Mar 18, 2022
JavierLeon9966
Arbitrary shell execution High
GHSA-3988-h75v-hwf6 was published for squizlabs/php_codesniffer (Composer) Mar 26, 2022
Possibility for Denial of Service by overwriting PHP files with language exports Moderate
GHSA-3fvf-2gp4-89wq was published for barryvdh/laravel-translation-manager (Composer) Mar 18, 2022