Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,804
Erlang
29
GitHub Actions
16
Go
1,713
Maven
4,948
npm
3,477
NuGet
605
pip
3,007
Pub
10
RubyGems
830
Rust
774
Swift
34
Unreviewed advisories
All unreviewed
5,000+

36 advisories

Duplicate Advisory: AVideo cross-site scripting vulnerability in the view/about.php page Low
GHSA-qvwg-c35p-rqhj was published for wwbn/avideo (Composer) May 14, 2024 withdrawn
Duplicate Advisory: Sylius Cross Site Scripting (XSS) vulnerability Moderate
GHSA-mw82-6m2g-qh6c was published for sylius/sylius (Composer) Apr 22, 2024 withdrawn
Duplicate Advisory: Kirby vulnerable to self cross-site scripting (self-XSS) in the URL field Moderate
GHSA-w879-mxj5-c3wf was published for getkirby/cms (Composer) Feb 22, 2024 withdrawn
Duplicate Advisory: Unrestricted file upload of user avatar images Moderate
GHSA-fr72-9665-w3gr was published for getkirby/cms (Composer) Feb 22, 2024 withdrawn
livewire Cross-Site Request Forgery vulnerability High
CVE-2024-22859 was published for livewire/livewire (Composer) Feb 1, 2024 withdrawn
Treggats valorin
Duplicate Advisory: TYPO3 Arbitrary File Read via Directory Traversal Moderate
GHSA-3gjc-mp82-fj4q was published for typo3/cms-core (Composer) Dec 25, 2023 withdrawn
Withdrawn Advisory: October Cross-site Scripting vulnerability Moderate
CVE-2023-43876 was published for october/cms (Composer) Sep 28, 2023 withdrawn
daftspunk
Duplicate Advisory: Wallabag user can reset data unintentionally Moderate
GHSA-rwpg-4c4c-v3r4 was published for wallabag/wallabag (Composer) Aug 21, 2023 withdrawn
Duplicate Advisory: Wallabag user can delete own API client unintentionally Moderate
GHSA-gvvx-fc6p-2h9x was published for wallabag/wallabag (Composer) Aug 21, 2023 withdrawn
Duplicate Advisory: elFinder vulnerable to path traversal in LocalVolumeDriver connector High
GHSA-3p2q-mh7q-9pxj was published for studio-42/elfinder (Composer) Jun 19, 2023 withdrawn
Withdrawn Advisory: CraftCMS Server-Side Template Injection vulnerability High
CVE-2023-30179 was published for craftcms/cms (Composer) Jun 13, 2023 withdrawn
angrybrad
Duplicate Advisory: PrestaShop Cross-site Scripting vulnerability Moderate
CVE-2023-31508 was published for prestashop/prestashop (Composer) May 12, 2023 withdrawn
Duplicate Advisory: Cross-site Scripting (XSS) in name field of Custom Reports Moderate
GHSA-6gp6-xj27-g89q was published for pimcore/pimcore (Composer) May 10, 2023 withdrawn
Duplicate Advisory: Cross-site Scripting (XSS) in Predefined Properties delete Moderate
GHSA-j93v-cx26-2xc4 was published for pimcore/pimcore (Composer) May 10, 2023 withdrawn
Duplicate Advisory: Pimcore Cross-site Scripting (XSS) in Static Routes name field Moderate
GHSA-g947-422m-hr7p was published for pimcore/pimcore (Composer) May 10, 2023 withdrawn
Duplicate Advisory: AVideo contains Command injection when embedding a video link Critical
GHSA-wj6r-53f5-q789 was published for wwbn/avideo (Composer) Apr 25, 2023 withdrawn
Withdrawn: SQL injection in Yii 2 Critical
CVE-2023-26750 was published for yiisoft/yii2 (Composer) Apr 4, 2023 withdrawn
ccchapman iBotPeaches
Duplicate Advisory: pimcore is vulnerable to cross-site scripting in classes module Moderate
GHSA-3r5c-h7g6-cqw7 was published for pimcore/pimcore (Composer) Mar 29, 2023 withdrawn
Duplicate Advisory: pimcore is vulnerable to cross-site scripting in translate module Moderate
GHSA-rp78-4562-gx3c was published for pimcore/pimcore (Composer) Mar 29, 2023 withdrawn
Duplicate Advisory: Pimcore vulnerable to Reflected XSS in Predefined Properties module in Settings Moderate
GHSA-6mmf-qm37-pmgg was published for pimcore/pimcore (Composer) Mar 29, 2023 withdrawn
Duplicate Advisory: Pimcore Cross-site scripting in Predefined Asset Metadata module in Settings Moderate
GHSA-69fc-v223-6rjw was published for pimcore/pimcore (Composer) Mar 29, 2023 withdrawn
svg-sanitizer has Cross-site Scripting Bypass Moderate
CVE-2023-28426 was published for enshrined/svg-sanitize (Composer) Mar 20, 2023 withdrawn
Cyxow ohader
Withdrawn Advisory: Pimcore vulnerable to Cross-site Scripting Moderate
CVE-2023-1247 was published for pimcore/pimcore (Composer) Mar 7, 2023 withdrawn
valantic-cx-alps
Withdrawn: wallabag subject to Improper Authorization via annotations Moderate
GHSA-xrw3-wqph-3fxg was published for wallabag/wallabag (Composer) Feb 1, 2023 withdrawn
Withdrawn: wallabag subject to Improper Authorization Moderate
GHSA-h45f-rjvw-2rv2 was published for wallabag/wallabag (Composer) Feb 1, 2023 withdrawn
ProTip! Advisories are also available from the GraphQL API