GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
33 advisories
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14042
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
XSS vulnerability that affects bootstrap
Moderate
CVE-2018-20676
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-20677
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
Remote Code Execution in SyliusResourceBundle
Critical
CVE-2020-15146
was published
for
sylius/resource-bundle
(Composer)
Aug 19, 2020
Remote Code Execution in SyliusResourceBundle
High
CVE-2020-15143
was published
for
sylius/resource-bundle
(Composer)
Aug 19, 2020
Cross-site scripting (XSS) from field and configuration text displayed in the Panel
High
CVE-2021-32735
was published
for
getkirby/cms
(Composer)
Jul 2, 2021
Information Disclosure in User Authentication
Moderate
CVE-2021-32767
was published
for
typo3/cms
(Composer)
Jul 26, 2021
Cachet vulnerable to new line injection during configuration edition
High
CVE-2021-39172
was published
for
cachethq/cachet
(Composer)
Aug 30, 2021
Stored XSS vulnerability on Bounce Management Callback
High
CVE-2021-27910
was published
for
mautic/core
(Composer)
Sep 1, 2021
XSS vulnerability on password reset page
Moderate
CVE-2021-27909
was published
for
mautic/core
(Composer)
Sep 1, 2021
Use of a Broken or Risky Cryptographic Algorithm
Low
CVE-2021-27913
was published
for
mautic/core
(Composer)
Sep 1, 2021
Unrestricted Uploads in Concrete5
High
CVE-2020-11476
was published
for
concrete5/concrete5
(Composer)
Nov 3, 2021
XSS in richtext custom tag attributes in ezsystems/ezplatform-richtext
Moderate
GHSA-fxwm-rx68-p5vx
was published
for
ezsystems/ezplatform-richtext
(Composer)
Dec 1, 2021
Incorrect Authorization in Drupal core
Moderate
CVE-2020-13676
was published
for
drupal/core
(Composer)
Feb 12, 2022
Cross-site Scripting in Drupal Core
Moderate
CVE-2020-13668
was published
for
drupal/core
(Composer)
Feb 12, 2022
Cross-Site Request Forgery in Drupal core
Moderate
CVE-2020-13674
was published
for
drupal/core
(Composer)
Feb 12, 2022
Exposure of Resource to Wrong Sphere in Drupal Core
High
CVE-2020-13670
was published
for
drupal/core
(Composer)
Feb 12, 2022
Shopware user session is not logged out if the password is reset via password recovery
Low
CVE-2022-24744
was published
for
shopware/core
(Composer)
Mar 10, 2022
Cross site scripting in safe-svg
Moderate
CVE-2022-1091
was published
for
darylldoyle/safe-svg
(Composer)
Apr 19, 2022
Object state limitation has no effect
Critical
GHSA-5x4f-7xgq-r42x
was published
for
ezsystems/ezpublish-kernel
(Composer)
Apr 29, 2022
Bootstrap vulnerable to Cross-Site Scripting (XSS)
Moderate
CVE-2018-14040
was published
for
bootstrap
(RubyGems)
May 13, 2022
CakePHP allows remote attackers to spoof their IP
High
CVE-2016-4793
was published
for
cakephp/cakephp
(Composer)
May 14, 2022
Login timing attack in ezsystems/ezpublish-kernel
Critical
GHSA-xfqg-p48g-hh94
was published
for
ezsystems/ezpublish-kernel
(Composer)
Jun 2, 2022
LibreNMS vulnerable to Cross-Site Scripting (XSS)
Moderate
CVE-2022-36745
was published
for
librenms/librenms
(Composer)
Aug 31, 2022
Concrete CMS vulnerable to Improper Authentication
Moderate
CVE-2022-43690
was published
for
concrete5/concrete5
(Composer)
Nov 15, 2022
ProTip!
Advisories are also available from the
GraphQL API