GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,992
Erlang
29
GitHub Actions
16
Go
1,782
Maven
5,000+
npm
3,544
NuGet
619
pip
3,134
Pub
10
RubyGems
838
Rust
795
Swift
34
Unreviewed advisories
All unreviewed
5,000+
2,296 advisories
Filter by severity
Shopware has Improper Input Validation issue in newsletter subscription
Moderate
CVE-2023-22734
was published
for
shopware/core
(Composer)
Jan 20, 2023
CakePHP SecurityComponent cross form submission issue
Moderate
GHSA-j9q2-f9q7-jhgq
was published
for
cakephp/cakephp
(Composer)
Jan 20, 2023
CakePHP allows direct access of prefixed controller actions
Moderate
GHSA-6hg4-vp5q-47mw
was published
for
cakephp/cakephp
(Composer)
Jan 20, 2023
CakePHP vulnerable to Remote File Inclusion through View template name manipulation
Moderate
GHSA-p76f-wr22-4rv6
was published
for
cakephp/cakephp
(Composer)
Jan 20, 2023
CakePHP vulnerable to Cross-site Scripting in some development error pages
Moderate
GHSA-xwhj-pqcg-8rcr
was published
for
cakephp/cakephp
(Composer)
Jan 20, 2023
phpMyFAQ Stored Cross-site Scripting vulnerability
Moderate
CVE-2023-0310
was published
for
thorsten/phpmyfaq
(Composer)
Jan 16, 2023
phpMyFAQ Stored Cross-site Scripting vulnerability
Moderate
CVE-2023-0309
was published
for
thorsten/phpmyfaq
(Composer)
Jan 16, 2023
phpMyFAQ Stored Cross-site Scripting vulnerability
Moderate
CVE-2023-0308
was published
for
thorsten/phpmyfaq
(Composer)
Jan 16, 2023
phpMyFAQ has Weak Password Requirements
Moderate
CVE-2023-0307
was published
for
thorsten/phpmyfaq
(Composer)
Jan 16, 2023
phpMyFAQ Stored Cross-site Scripting vulnerability
Moderate
CVE-2023-0306
was published
for
thorsten/phpmyfaq
(Composer)
Jan 16, 2023
Flarum notifications can leak restricted content
Moderate
CVE-2023-22488
was published
for
flarum/core
(Composer)
Jan 10, 2023
Froxlor is vulnerable to path traversal
Moderate
CVE-2023-0316
was published
for
froxlor/froxlor
(Composer)
Jan 16, 2023
thorsten/phpmyfaq is vulnerable to cross-site scripting (XSS)
Moderate
CVE-2023-0312
was published
for
thorsten/phpmyfaq
(Composer)
Jan 16, 2023
phpMyFAQ Reflected Cross-site Scripting vulnerability
Moderate
CVE-2023-0314
was published
for
thorsten/phpmyfaq
(Composer)
Jan 16, 2023
phpMyFAQ Stored Cross-site Scripting vulnerability
Moderate
CVE-2023-0313
was published
for
thorsten/phpmyfaq
(Composer)
Jan 16, 2023
pimcore is vulnerable to cross-site scripting via "title field " in data objects
Moderate
CVE-2023-0323
was published
for
pimcore/pimcore
(Composer)
Jan 20, 2023
Shopware vulnerable to Improper Input Validation of Clearance sale in cart
Moderate
CVE-2023-22730
was published
for
shopware/core
(Composer)
Jan 17, 2023
Improper Authorization in grumpydictator/firefly-iii
Moderate
CVE-2023-0298
was published
for
grumpydictator/firefly-iii
(Composer)
Jan 14, 2023
Cross-site Scripting in moodle
Moderate
CVE-2021-43558
was published
for
moodle/moodle
(Composer)
Nov 23, 2021
Unrestricted file upload leads to stored cross-site scripting in Microweber
Moderate
CVE-2022-0906
was published
for
microweber/microweber
(Composer)
Mar 11, 2022
Unrestricted Upload of File with Dangerous Type in Microweber
Moderate
CVE-2022-0921
was published
for
microweber/microweber
(Composer)
Mar 12, 2022
Unrestricted Upload of File with Dangerous Type in microweber
Moderate
CVE-2022-0912
was published
for
microweber/microweber
(Composer)
Mar 12, 2022
Cross-site Scripting in microweber
Moderate
CVE-2022-0928
was published
for
microweber/microweber
(Composer)
Mar 12, 2022
Cross-site Scripting in ShowDoc
Moderate
CVE-2022-0880
was published
for
showdoc/showdoc
(Composer)
Mar 13, 2022
Cross-site Scripting in ShowDoc
Moderate
CVE-2022-0962
was published
for
showdoc/showdoc
(Composer)
Mar 15, 2022
ProTip!
Advisories are also available from the
GraphQL API