GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
176 advisories
Filter by severity
Use of a Broken or Risky Cryptographic Algorithm
Low
CVE-2021-27913
was published
for
mautic/core
(Composer)
Sep 1, 2021
Sulu HTML Injection via Autocomplete Suggestion
Low
CVE-2024-24807
was published
for
sulu/sulu
(Composer)
Feb 5, 2024
Information disclosure of source code in SimpleSAMLphp
Low
CVE-2020-5301
was published
for
simplesamlphp/simplesamlphp
(Composer)
Apr 22, 2020
TYPO3 Cross-Site Scripting vulnerability in the Install Tool
Low
CVE-2010-5100
was published
for
typo3/cms-install
(Composer)
May 17, 2022
TYPO3 Cross-site scripting (XSS) vulnerability in the FORM content object
Low
CVE-2010-5098
was published
for
typo3/cms-frontend
(Composer)
May 17, 2022
TYPO3 Cross-site scripting (XSS) vulnerability in the click enlarge functionality
Low
CVE-2010-5097
was published
for
typo3/cms-frontend
(Composer)
May 17, 2022
Drupal cross-site scripting vulnerability via actions feature and trigger module
Low
CVE-2010-3094
was published
for
drupal/drupal
(Composer)
May 17, 2022
Symfony Session Fixation Vulnerability
Low
CVE-2015-8124
was published
for
symfony/security
(Composer)
May 14, 2022
TYPO3 Backend vulnerable to Cross-site Scripting
Low
CVE-2009-3629
was published
for
typo3/cms-backend
(Composer)
May 2, 2022
Information Disclosure in Password Reset
Low
CVE-2020-11063
was published
for
typo3/cms
(Composer)
May 13, 2020
XML External Entity in Dashboard Widget
Low
CVE-2020-26229
was published
for
typo3/cms
(Composer)
Nov 23, 2020
Concrete CMS vulnerable to stored XSS via the Role Name field
Low
CVE-2024-1247
was published
for
concrete5/concrete5
(Composer)
Feb 9, 2024
Concrete CMS vulnerable to stored XSS in file tags and description attributes
Low
CVE-2024-1245
was published
for
concrete5/concrete5
(Composer)
Feb 9, 2024
Concrete CMS vulnerable to reflected XSS via the Image URL Import Feature
Low
CVE-2024-1246
was published
for
concrete5/concrete5
(Composer)
Feb 9, 2024
Concrete CMS Stored XSS
Low
CVE-2023-49337
was published
for
concrete5/concrete5
(Composer)
Feb 29, 2024
Concrete CMS Stored Cross-site Scripting vulnerability
Low
CVE-2024-2179
was published
for
concrete5/concrete5
(Composer)
Mar 5, 2024
Authorization Bypass in moodle
Low
CVE-2024-25983
was published
for
moodle/moodle
(Composer)
Feb 19, 2024
[TagAwareCipher] - Decryption Failure (Regex Match)
Low
CVE-2024-28864
was published
for
ilicmiljan/secure-props
(Composer)
Mar 18, 2024
phpMyFAQ Path Traversal in Attachments
Low
CVE-2024-29196
was published
for
phpmyfaq/phpmyfaq
(Composer)
Mar 25, 2024
RosarioSIS cross site scripting vulnerability
Low
CVE-2024-3138
was published
for
francoisjacquet/rosariosis
(Composer)
Apr 2, 2024
Concrete CMS Stored XSS on the calendar color settings screen
Low
CVE-2024-2753
was published
for
concrete5/concrete5
(Composer)
Apr 3, 2024
Concrete CMS Cross-site Scripting (XSS) in the Advanced File Search Filter
Low
CVE-2024-3178
was published
for
concrete5/concrete5
(Composer)
Apr 3, 2024
Concrete CMS Stored XSS in the Custom Class page editing
Low
CVE-2024-3179
was published
for
concrete5/concrete5
(Composer)
Apr 3, 2024
Concrete CMS Stored XSS in the Search Field
Low
CVE-2024-3181
was published
for
concrete5/concrete5
(Composer)
Apr 3, 2024
Concrete CMS Stored XSS in blocks of type file
Low
CVE-2024-3180
was published
for
concrete5/concrete5
(Composer)
Apr 3, 2024
ProTip!
Advisories are also available from the
GraphQL API