GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
9 advisories
Stored XSS vulnerability on Bounce Management Callback
High
CVE-2021-27910
was published
for
mautic/core
(Composer)
Sep 1, 2021
Remote Code Execution in SyliusResourceBundle
High
CVE-2020-15143
was published
for
sylius/resource-bundle
(Composer)
Aug 19, 2020
Exposure of Resource to Wrong Sphere in Drupal Core
High
CVE-2020-13670
was published
for
drupal/core
(Composer)
Feb 12, 2022
code injection in phpxmlrpc/phpxmlrpc
High
GHSA-3fgr-xjr6-xqm8
was published
for
phpxmlrpc/phpxmlrpc
(Composer)
Nov 28, 2022
Cachet vulnerable to new line injection during configuration edition
High
CVE-2021-39172
was published
for
cachethq/cachet
(Composer)
Aug 30, 2021
CakePHP allows remote attackers to spoof their IP
High
CVE-2016-4793
was published
for
cakephp/cakephp
(Composer)
May 14, 2022
Cross-site scripting (XSS) from field and configuration text displayed in the Panel
High
CVE-2021-32735
was published
for
getkirby/cms
(Composer)
Jul 2, 2021
Unrestricted Uploads in Concrete5
High
CVE-2020-11476
was published
for
concrete5/concrete5
(Composer)
Nov 3, 2021
Browsershot does not validate URL protocols passed to Browsershot URL method
High
CVE-2022-41706
was published
for
spatie/browsershot
(Composer)
Nov 25, 2022
ProTip!
Advisories are also available from the
GraphQL API