GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,284 advisories

Cross-site Scripting in Pimcore Moderate
CVE-2022-0911 was published for pimcore/pimcore (Composer) Mar 17, 2022
Cross-site Scripting in Pimcore Moderate
CVE-2022-0704 was published for pimcore/pimcore (Composer) Mar 17, 2022
Arbitrary File Deletion vulnerability in OctoberCMS Moderate
CVE-2020-5296 was published for october/cms (Composer) Jun 3, 2020
staz0t
Local File read vulnerability in OctoberCMS Moderate
CVE-2020-5295 was published for october/cms (Composer) Jun 3, 2020
staz0t
Reflected XSS when importing CSV in OctoberCMS Moderate
CVE-2020-5298 was published for october/backend (Composer) Jun 3, 2020
staz0t
Predictable CSRF tokens in centreon/centreon Moderate
CVE-2021-28055 was published for centreon/centreon (Composer) Jun 8, 2021
Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2021-32712 was published for shopware/shopware (Composer) Sep 8, 2021
Cross-site Scripting in Pimcore Datahub Moderate
CVE-2022-0955 was published for pimcore/data-hub (Composer) Mar 25, 2022
Cross-site Scripting in Fork CMS Moderate
CVE-2022-0145 was published for forkcms/forkcms (Composer) Mar 25, 2022
Cross-Site Request Forgery in Anchor CMS Moderate
CVE-2022-25576 was published for anchorcms/anchor-cms (Composer) Mar 26, 2022
Cross-site Scripting in teampass Moderate
CVE-2022-26980 was published for nilsteampassnet/teampass (Composer) Mar 29, 2022
Incorrect Access Control in ImpressCMS Moderate
CVE-2021-26598 was published for impresscms/impresscms (Composer) Mar 29, 2022
Cross-site Scripting in craftcms/cms Moderate
CVE-2022-28378 was published for craftcms/cms (Composer) Apr 4, 2022
Open redirect in wwbn/avideo Moderate
CVE-2022-27463 was published for wwbn/avideo (Composer) Apr 6, 2022
SilverStripe Subsite weakens file permissions Moderate
CVE-2022-42949 was published for silverstripe/subsites (Composer) Dec 19, 2022
HTML Injection in Froxlor Moderate
CVE-2020-29653 was published for froxlor/froxlor (Composer) Apr 14, 2022
Cross-site Scripting in Pimcore Moderate
CVE-2022-1351 was published for pimcore/pimcore (Composer) Apr 15, 2022
Cross-site Scripting in snipe-it Moderate
CVE-2022-1380 was published for snipe/snipe-it (Composer) Apr 17, 2022
Cross-site Scripting in Microweber Moderate
CVE-2022-1439 was published for microweber/microweber (Composer) Apr 23, 2022
Stored cross-site scripting in Snipe-IT Moderate
CVE-2022-1445 was published for snipe/snipe-it (Composer) Apr 25, 2022
Cross-site Scripting in Jirafeau Moderate
CVE-2022-30110 was published for mojo42/jirafeau (Composer) May 18, 2022
CSRF token exposure in TYPO3 extension Moderate
CVE-2021-36793 was published for lms/routes (Composer) Sep 2, 2021
Kirby .dev domains and some reverse proxy setups were treated as local Moderate
CVE-2020-26253 was published for getkirby/cms (Composer) Jan 14, 2021
Subrion CMS 4.2.1 vulnerable to cross-site scripting in admin panel Moderate
CVE-2022-37059 was published for intelliants/subrion (Composer) Aug 29, 2022
snipe-it vulnerable to cross-site scripting (XSS) Moderate
CVE-2022-3035 was published for snipe/snipe-it (Composer) Aug 30, 2022