Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,168 advisories

Loading
Path traversal in grav High
CVE-2021-3924 was published for getgrav/grav (Composer) Nov 10, 2021
Insecure Inherited Permissions in neoan3-apps/template High
CVE-2021-41170 was published for neoan3-apps/template (Composer) Nov 10, 2021
Unrestricted Uploads in Concrete5 High
CVE-2020-11476 was published for concrete5/concrete5 (Composer) Nov 3, 2021
tdunlap607
CSV Injection Vulnerability High
CVE-2021-41824 was published for craftcms/cms (Composer) Oct 18, 2021
Server-Side Request Forgery vulnerability in concrete5 High
CVE-2021-22958 was published for concrete5/concrete5 (Composer) Oct 12, 2021
Origin Validation Error in Magento 2 High
CVE-2020-8818 was published for cardgate/magento2 (Composer) Oct 12, 2021
Drupal core Unrestricted Upload of File with Dangerous Type High
CVE-2020-13671 was published for drupal/core (Composer) Oct 12, 2021
Sylius PayPal Plugin allows unauthorized access to Credit card form, exposing payer name and not requiring 3DS High
CVE-2021-41120 was published for sylius/paypal-plugin (Composer) Oct 6, 2021
BuddyPress privilege escalation via REST API High
CVE-2021-21389 was published for buddypress/buddypress (Composer) Oct 6, 2021
Deleted Admin Can Sign In to Admin Interface High
CVE-2021-41126 was published for october/october (Composer) Oct 6, 2021
Cross-Site-Request-Forgery in Backend High
CVE-2021-41113 was published for typo3/cms (Composer) Oct 5, 2021
sushiwushi ohader
Improper escaping of command arguments on Windows leading to command injection High
CVE-2021-41116 was published for composer/composer (Composer) Oct 5, 2021
paul-gerste-sonarsource
Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification High
CVE-2021-41129 was published for pterodactyl/panel (Composer) Oct 4, 2021
CSV injection in Craft CMS High
GHSA-xrpj-f9v6-2332 was published for craftcms/cms (Composer) Oct 4, 2021 withdrawn
Cross-Site Request Forgery in GilaCMS High
CVE-2020-20693 was published for gilacms/gila (Composer) Sep 30, 2021
User can obtain JWT token even if account is disabled High
GHSA-36mj-6r7r-mqhf was published for ezsystems/ezplatform-rest (Composer) Sep 29, 2021
Arbitrary Code Execution in feehi/cms High
CVE-2020-21322 was published for feehi/cms (Composer) Sep 20, 2021
Any storage file can be downloaded from p.sh if full server path is known High
GHSA-2rh5-jvgx-pgw3 was published for ezsystems/ezplatform (Composer) Sep 14, 2021
Any storage file can be downloaded from p.sh if full server path is known High
GHSA-gqcf-83rq-gpfr was published for ibexa/post-install (Composer) Sep 14, 2021
Exposure of Sensitive Information to an Unauthorized Actor High
CVE-2021-32717 was published for shopware/platform (Composer) Sep 8, 2021
Exposure of Resource to Wrong Sphere in LibreNMS High
CVE-2020-15877 was published for librenms/librenms (Composer) Sep 8, 2021
Arbitrary file upload in Fork CMS High
CVE-2021-28931 was published for forkcms/forkcms (Composer) Sep 8, 2021
Content object state fetch functions open to SQL injection High
GHSA-jpwx-ffjq-wr4w was published for ezsystems/ezpublish-legacy (Composer) Sep 7, 2021
Dolibarr vulnerable to Improper Authentication and Improper Access Control High
CVE-2021-25956 was published for dolibarr/dolibarr (Composer) Sep 2, 2021
OS Command Injection in Centreon High
CVE-2020-22345 was published for centreon/centreon (Composer) Sep 2, 2021
ProTip! Advisories are also available from the GraphQL API