GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,634
NuGet
638
pip
3,249
Pub
10
RubyGems
867
Rust
819
Swift
35
Unreviewed advisories
All unreviewed
5,000+
4,077 advisories
Filter by severity
Insufficient output escaping of attachment names in PHPMailer
High
CVE-2020-13625
was published
for
phpmailer/phpmailer
(Composer)
May 27, 2020
Local File read vulnerability in OctoberCMS
Moderate
CVE-2020-5295
was published
for
october/cms
(Composer)
Jun 3, 2020
Arbitrary File Deletion vulnerability in OctoberCMS
Moderate
CVE-2020-5296
was published
for
october/cms
(Composer)
Jun 3, 2020
Upload whitelisted files to any directory in OctoberCMS
Low
CVE-2020-5297
was published
for
october/cms
(Composer)
Jun 3, 2020
Reflected XSS when importing CSV in OctoberCMS
Moderate
CVE-2020-5298
was published
for
october/backend
(Composer)
Jun 3, 2020
Potential CSV Injection vector in OctoberCMS
Moderate
CVE-2020-5299
was published
for
october/backend
(Composer)
Jun 3, 2020
Potential unauthorized access to stored request & session data when plugin is misconfigured in October CMS Debugbar
Moderate
CVE-2020-11094
was published
for
rainlab/debugbar-plugin
(Composer)
Jun 3, 2020
Use of insecure jQuery version in OctoberCMS
Moderate
GHSA-v73w-r9xg-7cr9
was published
for
october/october
(Composer)
Jun 5, 2020
The filename of uploaded files vulnerable to stored XSS
High
CVE-2020-4041
was published
for
bolt/bolt
(Composer)
Jun 9, 2020
CSRF issue on preview pages in Bolt CMS
High
CVE-2020-4040
was published
for
bolt/bolt
(Composer)
Jun 9, 2020
Phar unserialization vulnerability in phpMussel
High
CVE-2020-4043
was published
for
Maikuolan/phpMussel
(Composer)
Jun 10, 2020
Cross-site Scripting in October
Low
CVE-2020-4061
was published
for
october/backend
(Composer)
Jul 2, 2020
Potentially sensitive data exposure in Symfony Web Socket Bundle
Moderate
GHSA-wwgf-3xp7-cxj4
was published
for
gos/web-socket-bundle
(Composer)
Jul 7, 2020
Broken access control on files
Moderate
CVE-2019-14273
was published
for
silverstripe/framework
(Composer)
Jul 15, 2020
Potential Remote Code Execution in TYPO3 with mediace extension
Critical
CVE-2020-15086
was published
for
friendsoftypo3/mediace
(Composer)
Jul 29, 2020
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS
High
CVE-2020-15098
was published
for
typo3/cms
(Composer)
Jul 29, 2020
Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS
High
CVE-2020-15099
was published
for
typo3/cms
(Composer)
Jul 29, 2020
Incorrect access control in typo3_forum
Moderate
CVE-2020-15513
was published
for
mittwald/typo3_forum
(Composer)
Jul 29, 2020
Remote code execution in turn extension for TYPO3
High
CVE-2020-15515
was published
for
marcwillmann/turn
(Composer)
Jul 29, 2020
Cross-site Scripting vulnerability in Kitodo.Presentation
Moderate
CVE-2020-16095
was published
for
kitodo/presentation
(Composer)
Jul 31, 2020
Reliance on Cookies without validation in OctoberCMS
Moderate
CVE-2020-15128
was published
for
october/rain
(Composer)
Aug 5, 2020
Reset Password / Login vulnerability in Sulu
Moderate
CVE-2020-15132
was published
for
sulu/sulu
(Composer)
Aug 5, 2020
Observable Timing Discrepancy in OpenMage LTS
High
CVE-2020-15151
was published
for
openmage/magento-lts
(Composer)
Aug 19, 2020
Remote Code Execution in SyliusResourceBundle
Critical
CVE-2020-15146
was published
for
sylius/resource-bundle
(Composer)
Aug 19, 2020
ProTip!
Advisories are also available from the
GraphQL API