GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
210 advisories
Moodle multiple cross-site scripting (XSS) vulnerabilities. Severity: Low. CVE-2014-3551 was published for moodle/moodle (Composer) on May 13, 2022.
Moodle cross-site scripting (XSS) vulnerability. Severity: Low. CVE-2014-3544 was published for moodle/moodle (Composer) on May 13, 2022.
TYPO3 Backend vulnerable to Cross-site Scripting. Severity: Low. CVE-2009-3629 was published for typo3/cms-backend (Composer) on May 2, 2022.
XSS Injection Vulnerability. Severity: Low. GHSA-wf98-vxv9-jqfv was published for craftcms/cms (Composer) on Apr 5, 2022.
Cross-Site Request Forgery in YOURLS. Severity: Low. CVE-2022-0088 was published for yourls/yourls (Composer) on Apr 4, 2022.
Discoverability of user password hash in Statamic CMS. Severity: Low. CVE-2022-24784 was published for statamic/cms (Composer) on Mar 29, 2022.
Twig Sandbox Information Disclosure. Severity: Low. CVE-2019-9942 was published for twig/twig (Composer) on Mar 26, 2022.
Shopware user session is not logged out if the password is reset via password recovery. Severity: Low. CVE-2022-24744 was published for shopware/core (Composer) on Mar 10, 2022.
Business Logic Errors in microweber. Severity: Low. CVE-2022-0688 was published for microweber/microweber (Composer) on Feb 21, 2022.
Insufficient user authorization in Moodle. Severity: Low. CVE-2022-0333 was published for moodle/moodle (Composer) on Jan 28, 2022.
Insufficient Session Expiration in shopware. Severity: Low. CVE-2022-21652 was published for shopware/shopware (Composer) on Jan 6, 2022.
Inability to de-op players if listed in ops.txt with non-lowercase letters. Severity: Low. GHSA-j5qg-w9jg-3wg3 was published for pocketmine/pocketmine-mp (Composer) on Dec 16, 2021.
Cross-Site Request Forgery in remdex/livehelperchat. Severity: Low. CVE-2021-4049 was published for remdex/livehelperchat (Composer) on Dec 10, 2021.
bookstack is vulnerable to Cross-Site Request Forgery (CSRF). Severity: Low. CVE-2021-3944 was published for ssddanbrown/bookstack (Composer) on Dec 3, 2021.
snipe-it is vulnerable to Cross-site Scripting. Severity: Low. CVE-2021-3938 was published for snipe/snipe-it (Composer) on Nov 15, 2021.
Cross-Site Request Forgery in firefly-iii. Severity: Low. CVE-2021-3901 was published for grumpydictator/firefly-iii (Composer) on Oct 28, 2021.
pterodactyl/panel CSRF allowing an external page to trigger a user logout event. Severity: Low. CVE-2021-41176 was published for pterodactyl/panel (Composer) on Oct 25, 2021.
Improper Input Validation in Firefly III. Severity: Low. CVE-2019-14671 was published for grumpydictator/firefly-iii (Composer) on Sep 8, 2021.
Use of a Broken or Risky Cryptographic Algorithm. Severity: Low. CVE-2021-27913 was published for mautic/core (Composer) on Sep 1, 2021.
Creation of order credits was not validated by acl in admin orders. Severity: Low. GHSA-g7w8-pp9w-7p32 was published for shopware/core (Composer) on Jun 28, 2021.
Cross-site scripting in Croogo. Severity: Low. CVE-2019-20789 was published for croogo/croogo (Composer) on Jun 22, 2021.
User enumeration in authentication mechanisms. Severity: Low. GHSA-g2qj-pmxm-9f8f was published for symfony/security-http (Composer) on May 17, 2021.
User enumeration in authentication mechanisms. Severity: Low. GHSA-2frx-j9hj-6c65 was published for lexik/jwt-authentication-bundle (Composer) on May 17, 2021.
User (Encrypted) Password Field Being Serialised. Severity: Low. GHSA-7fjp-g4m7-fx23 was published for pwweb/laravel-core (Composer) on Apr 13, 2021.
Potential Session Hijacking. Severity: Low. GHSA-h9q8-5gv2-v6mg was published for shopware/platform (Composer) on Mar 12, 2021.