GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
2,344 advisories
CSV Injection vulnerability with exported contact lists in Mautic
Moderate • CVE-2018-8092 was published for mautic/core (Composer) • Jan 19, 2021
Users can edit the tags of any discussion
Moderate • GHSA-32wx-4gxx-h48f was published for flarum/tags (Composer) • Jan 29, 2021
XSS in Flarum Sticky extension
Moderate • CVE-2021-21283 was published for flarum/sticky (Composer) • Jan 29, 2021
vrana/adminer via XSS in the history parameter in SQL command
Moderate • CVE-2020-35572 was published for vrana/adminer (Composer) • Feb 11, 2021
XSS in Adminer
Moderate • GHSA-m56g-3g8v-2rxw was published for vrana/adminer (Composer) • Feb 11, 2021 • withdrawn
vrana/adminer vulnerable to SSRF by connecting to privileged ports
Moderate • CVE-2018-7667 was published for vrana/adminer (Composer) • Feb 11, 2021
Cross-site scripting (XSS)
Moderate • CVE-2021-28088 was published for impresscms/impresscms (Composer) • Mar 12, 2021
Cross-site scripting (XSS)
Moderate • CVE-2020-17551 was published for impresscms/impresscms (Composer) • Mar 12, 2021
Authenticated remote code execution
Moderate • GHSA-pjj4-jjgc-h3r8 was published for shopware/platform (Composer) • Mar 12, 2021
Open Redirection in Login Handling
Moderate • CVE-2021-21338 was published for typo3/cms (Composer) • Mar 23, 2021
Cleartext storage of session identifier
Moderate • CVE-2021-21339 was published for typo3/cms (Composer) • Mar 23, 2021
Cross-Site Scripting in Content Preview
Moderate • CVE-2021-21340 was published for typo3/cms (Composer) • Mar 23, 2021
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in typo3/cms-form
Moderate • CVE-2021-21358 was published for typo3/cms (Composer) • Mar 23, 2021
Denial of Service in Page Error Handling
Moderate • CVE-2021-21359 was published for typo3/cms (Composer) • Mar 23, 2021
Cross-Site Scripting in Content Preview (CType menu)
Moderate • CVE-2021-21370 was published for typo3/cms (Composer) • Mar 23, 2021
XSS in CreateQueuedJobTask
Moderate • CVE-2021-27938 was published for symbiote/silverstripe-queuedjobs (Composer) • Mar 24, 2021
Path Traversal within joomla/archive zip class
Moderate • CVE-2021-26028 was published for joomla/archive (Composer) • Mar 24, 2021
Stored cross-site scripting in PressBooks
Moderate • CVE-2021-3271 was published for pressbooks/pressbooks (Composer) • Mar 29, 2021
Cross-site scripting (XSS) and Server side request forgery (SSRF) in moodle
Moderate • CVE-2021-20280 was published for moodle/moodle (Composer) • Mar 29, 2021
SQL Injection in moodle
Moderate • CVE-2020-25700 was published for moodle/moodle (Composer) • Mar 29, 2021
Privilege Escalation in moodle
Moderate • CVE-2020-25701 was published for moodle/moodle (Composer) • Mar 29, 2021
Cross-site Scripting (XSS) in moodle
Moderate • CVE-2020-25702 was published for moodle/moodle (Composer) • Mar 29, 2021
Cross-site scripting (XSS) in moodle
Moderate • CVE-2020-25628 was published for moodle/moodle (Composer) • Mar 29, 2021
Moodle allowed some users without permission to view other users' full names
Moderate • CVE-2021-20281 was published for moodle/moodle (Composer) • Mar 29, 2021
Mautic vulnerable to secret data exfiltration via symfony parameters
Moderate • CVE-2021-27908 was published for mautic/core (Composer) • Apr 6, 2021
ProTip! Advisories are also available from the GraphQL API.