Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,985
Erlang
29
GitHub Actions
16
Go
1,771
Maven
4,995
npm
3,541
NuGet
617
pip
3,120
Pub
10
RubyGems
838
Rust
788
Swift
34
Unreviewed advisories
All unreviewed
5,000+

175 advisories

Loading
OpenCart Cross-Site Request Forgery (CSRF) Low
CVE-2020-28838 was published for opencart/opencart (Composer) May 24, 2022
Magento Information Disclosure vulnerability Low
CVE-2021-28566 was published for magento/community-edition (Composer) May 24, 2022
Failed payment recorded has completed in Silverstripe Omnipay Low
CVE-2022-29254 was published for silverstripe/silverstripe-omnipay (Composer) Jun 6, 2022
Cross site scripting in Concrete CMS Low
CVE-2022-30120 was published for concrete5/core (Composer) Jun 25, 2022
Byobu user preference to prevent private discussions being started are not respected Low
CVE-2022-35921 was published for fof/byobu (Composer) Aug 6, 2022
EC-CUBE Directory traversal vulnerability Low
CVE-2022-40199 was published for ec-cube/ec-cube (Composer) Sep 28, 2022
Codeigniter4's Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued Low
CVE-2022-39284 was published for codeigniter4/framework (Composer) Oct 6, 2022
Any Flarum user including unactivated can reply in public discussions whose first post was permanently deleted Low
CVE-2023-22489 was published for flarum/core (Composer) Jan 10, 2023
clarkwinkelmann
Shopware's log module vulnerable to Improper Output Neutralization Low
CVE-2023-22733 was published for shopware/core (Composer) Jan 20, 2023
Shopware has Insufficient Session Expiration in Administration Low
CVE-2023-22732 was published for shopware/core (Composer) Jan 20, 2023
Timing attack in eZ Platform Ibexa Low
CVE-2022-48366 was published for ezsystems/ezplatform-kernel (Composer) Mar 12, 2023
AzuraCast/AzuraCast vulnerable to cross-site scripting Low
CVE-2023-2191 was published for azuracast/azuracast (Composer) Apr 20, 2023
Stored cross site scripting in RSS displayer Low
CVE-2023-28820 was published for concrete5/concrete5 (Composer) Apr 28, 2023
Concrete CMS (previously concrete5) is vulnerable to stored XSS in uploaded file and folder names Low
CVE-2023-28819 was published for concrete5/concrete5 (Composer) Apr 28, 2023
MarkLee131
CraftCMS stored XSS in Quick Post widget error message Low
CVE-2023-33194 was published for craftcms/cms (Composer) May 26, 2023
WhiteBearVN
Admidio Improper Access Control vulnerability Low
CVE-2023-3303 was published for admidio/admidio (Composer) Jun 23, 2023
Winter CMS stored XSS through privileged upload of SVG file Low
CVE-2023-37269 was published for wintercms/winter (Composer) Jul 7, 2023
abhishekmorla
Information Disclosure due to Out-of-scope Site Resolution Low
CVE-2023-38499 was published for typo3/cms-core (Composer) Jul 25, 2023
fe-hicking ohader
bnf
Silverstripe Framework: Members with no password can be created and bypass custom login forms Low
CVE-2023-32302 was published for silverstripe/framework (Composer) Jul 31, 2023
sabina-talipova bimthebam
maxime-rainville
Froxlor vulnerable to business logic errors Low
CVE-2023-4304 was published for froxlor/froxlor (Composer) Aug 11, 2023
Economizzer Insecure Direct Object Reference vulnerability Low
CVE-2023-38872 was published for gugoan/economizzer (Composer) Sep 28, 2023
Download route allows filename change in eZpublish kernel Low
GHSA-946c-f9w6-2c25 was published for ezsystems/ezpublish-kernel (Composer) Nov 3, 2023
Ibexa DXP Download route allows filename change Low
GHSA-g95c-xc83-8353 was published for ibexa/core (Composer) Nov 3, 2023
Ibexa ezplatform-kernel download route allows filename change Low
GHSA-gv2c-5g79-h73c was published for ezsystems/ezplatform-kernel (Composer) Nov 3, 2023
Magnesium-PHP Injection vulnerability Low
CVE-2017-20187 was published for floriangaerber/magnesium (Composer) Nov 5, 2023
ProTip! Advisories are also available from the GraphQL API