Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,992
Erlang
29
GitHub Actions
16
Go
1,782
Maven
5,000+
npm
3,544
NuGet
619
pip
3,134
Pub
10
RubyGems
838
Rust
795
Swift
34
Unreviewed advisories
All unreviewed
5,000+

2,296 advisories

Loading
Shopware has Improper Input Validation issue in newsletter subscription Moderate
CVE-2023-22734 was published for shopware/core (Composer) Jan 20, 2023
CakePHP SecurityComponent cross form submission issue Moderate
GHSA-j9q2-f9q7-jhgq was published for cakephp/cakephp (Composer) Jan 20, 2023
CakePHP allows direct access of prefixed controller actions Moderate
GHSA-6hg4-vp5q-47mw was published for cakephp/cakephp (Composer) Jan 20, 2023
CakePHP vulnerable to Remote File Inclusion through View template name manipulation Moderate
GHSA-p76f-wr22-4rv6 was published for cakephp/cakephp (Composer) Jan 20, 2023
CakePHP vulnerable to Cross-site Scripting in some development error pages Moderate
GHSA-xwhj-pqcg-8rcr was published for cakephp/cakephp (Composer) Jan 20, 2023
phpMyFAQ Stored Cross-site Scripting vulnerability Moderate
CVE-2023-0310 was published for thorsten/phpmyfaq (Composer) Jan 16, 2023
phpMyFAQ Stored Cross-site Scripting vulnerability Moderate
CVE-2023-0309 was published for thorsten/phpmyfaq (Composer) Jan 16, 2023
phpMyFAQ Stored Cross-site Scripting vulnerability Moderate
CVE-2023-0308 was published for thorsten/phpmyfaq (Composer) Jan 16, 2023
phpMyFAQ has Weak Password Requirements Moderate
CVE-2023-0307 was published for thorsten/phpmyfaq (Composer) Jan 16, 2023
phpMyFAQ Stored Cross-site Scripting vulnerability Moderate
CVE-2023-0306 was published for thorsten/phpmyfaq (Composer) Jan 16, 2023
Flarum notifications can leak restricted content Moderate
CVE-2023-22488 was published for flarum/core (Composer) Jan 10, 2023
clarkwinkelmann
Froxlor is vulnerable to path traversal Moderate
CVE-2023-0316 was published for froxlor/froxlor (Composer) Jan 16, 2023
thorsten/phpmyfaq is vulnerable to cross-site scripting (XSS) Moderate
CVE-2023-0312 was published for thorsten/phpmyfaq (Composer) Jan 16, 2023
phpMyFAQ Reflected Cross-site Scripting vulnerability Moderate
CVE-2023-0314 was published for thorsten/phpmyfaq (Composer) Jan 16, 2023
phpMyFAQ Stored Cross-site Scripting vulnerability Moderate
CVE-2023-0313 was published for thorsten/phpmyfaq (Composer) Jan 16, 2023
pimcore is vulnerable to cross-site scripting via "title field " in data objects Moderate
CVE-2023-0323 was published for pimcore/pimcore (Composer) Jan 20, 2023
Shopware vulnerable to Improper Input Validation of Clearance sale in cart Moderate
CVE-2023-22730 was published for shopware/core (Composer) Jan 17, 2023
JoshuaBehrens aragon999
Improper Authorization in grumpydictator/firefly-iii Moderate
CVE-2023-0298 was published for grumpydictator/firefly-iii (Composer) Jan 14, 2023
Cross-site Scripting in moodle Moderate
CVE-2021-43558 was published for moodle/moodle (Composer) Nov 23, 2021
Unrestricted file upload leads to stored cross-site scripting in Microweber Moderate
CVE-2022-0906 was published for microweber/microweber (Composer) Mar 11, 2022
Unrestricted Upload of File with Dangerous Type in Microweber Moderate
CVE-2022-0921 was published for microweber/microweber (Composer) Mar 12, 2022
Unrestricted Upload of File with Dangerous Type in microweber Moderate
CVE-2022-0912 was published for microweber/microweber (Composer) Mar 12, 2022
Cross-site Scripting in microweber Moderate
CVE-2022-0928 was published for microweber/microweber (Composer) Mar 12, 2022
Cross-site Scripting in ShowDoc Moderate
CVE-2022-0880 was published for showdoc/showdoc (Composer) Mar 13, 2022
Cross-site Scripting in ShowDoc Moderate
CVE-2022-0962 was published for showdoc/showdoc (Composer) Mar 15, 2022
ProTip! Advisories are also available from the GraphQL API