GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,804
Erlang: 29
GitHub Actions: 16
Go: 1,713
Maven: 4,948
npm: 3,477
NuGet: 605
pip: 3,007
Pub: 10
RubyGems: 830
Rust: 774
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
36 advisories
Duplicate Advisory: AVideo cross-site scripting vulnerability in the view/about.php page
Low • GHSA-qvwg-c35p-rqhj was published for wwbn/avideo (Composer) • May 14, 2024 • withdrawn
Duplicate Advisory: Sylius Cross Site Scripting (XSS) vulnerability
Moderate • GHSA-mw82-6m2g-qh6c was published for sylius/sylius (Composer) • Apr 22, 2024 • withdrawn
Duplicate Advisory: Kirby vulnerable to self cross-site scripting (self-XSS) in the URL field
Moderate • GHSA-w879-mxj5-c3wf was published for getkirby/cms (Composer) • Feb 22, 2024 • withdrawn
Duplicate Advisory: Unrestricted file upload of user avatar images
Moderate • GHSA-fr72-9665-w3gr was published for getkirby/cms (Composer) • Feb 22, 2024 • withdrawn
livewire Cross-Site Request Forgery vulnerability
High • CVE-2024-22859 was published for livewire/livewire (Composer) • Feb 1, 2024 • withdrawn
Duplicate Advisory: TYPO3 Arbitrary File Read via Directory Traversal
Moderate • GHSA-3gjc-mp82-fj4q was published for typo3/cms-core (Composer) • Dec 25, 2023 • withdrawn
Withdrawn Advisory: October Cross-site Scripting vulnerability
Moderate • CVE-2023-43876 was published for october/cms (Composer) • Sep 28, 2023 • withdrawn
Duplicate Advisory: Wallabag user can reset data unintentionally
Moderate • GHSA-rwpg-4c4c-v3r4 was published for wallabag/wallabag (Composer) • Aug 21, 2023 • withdrawn
Duplicate Advisory: Wallabag user can delete own API client unintentionally
Moderate • GHSA-gvvx-fc6p-2h9x was published for wallabag/wallabag (Composer) • Aug 21, 2023 • withdrawn
Duplicate Advisory: elFinder vulnerable to path traversal in LocalVolumeDriver connector
High • GHSA-3p2q-mh7q-9pxj was published for studio-42/elfinder (Composer) • Jun 19, 2023 • withdrawn
Withdrawn Advisory: CraftCMS Server-Side Template Injection vulnerability
High • CVE-2023-30179 was published for craftcms/cms (Composer) • Jun 13, 2023 • withdrawn
Duplicate Advisory: PrestaShop Cross-site Scripting vulnerability
Moderate • CVE-2023-31508 was published for prestashop/prestashop (Composer) • May 12, 2023 • withdrawn
Duplicate Advisory: Cross-site Scripting (XSS) in name field of Custom Reports
Moderate • GHSA-6gp6-xj27-g89q was published for pimcore/pimcore (Composer) • May 10, 2023 • withdrawn
Duplicate Advisory: Cross-site Scripting (XSS) in Predefined Properties delete
Moderate • GHSA-j93v-cx26-2xc4 was published for pimcore/pimcore (Composer) • May 10, 2023 • withdrawn
Duplicate Advisory: Pimcore Cross-site Scripting (XSS) in Static Routes name field
Moderate • GHSA-g947-422m-hr7p was published for pimcore/pimcore (Composer) • May 10, 2023 • withdrawn
Duplicate Advisory: AVideo contains Command injection when embedding a video link
Critical • GHSA-wj6r-53f5-q789 was published for wwbn/avideo (Composer) • Apr 25, 2023 • withdrawn
Withdrawn: SQL injection in Yii 2
Critical • CVE-2023-26750 was published for yiisoft/yii2 (Composer) • Apr 4, 2023 • withdrawn
Duplicate Advisory: pimcore is vulnerable to cross-site scripting in classes module
Moderate • GHSA-3r5c-h7g6-cqw7 was published for pimcore/pimcore (Composer) • Mar 29, 2023 • withdrawn
Duplicate Advisory: pimcore is vulnerable to cross-site scripting in translate module
Moderate • GHSA-rp78-4562-gx3c was published for pimcore/pimcore (Composer) • Mar 29, 2023 • withdrawn
Duplicate Advisory: Pimcore vulnerable to Reflected XSS in Predefined Properties module in Settings
Moderate • GHSA-6mmf-qm37-pmgg was published for pimcore/pimcore (Composer) • Mar 29, 2023 • withdrawn
Duplicate Advisory: Pimcore Cross-site scripting in Predefined Asset Metadata module in Settings
Moderate • GHSA-69fc-v223-6rjw was published for pimcore/pimcore (Composer) • Mar 29, 2023 • withdrawn
svg-sanitizer has Cross-site Scripting Bypass
Moderate • CVE-2023-28426 was published for enshrined/svg-sanitize (Composer) • Mar 20, 2023 • withdrawn
Withdrawn Advisory: Pimcore vulnerable to Cross-site Scripting
Moderate • CVE-2023-1247 was published for pimcore/pimcore (Composer) • Mar 7, 2023 • withdrawn
Withdrawn: wallabag subject to Improper Authorization via annotations
Moderate • GHSA-xrw3-wqph-3fxg was published for wallabag/wallabag (Composer) • Feb 1, 2023 • withdrawn
Withdrawn: wallabag subject to Improper Authorization
Moderate • GHSA-h45f-rjvw-2rv2 was published for wallabag/wallabag (Composer) • Feb 1, 2023 • withdrawn
ProTip! Advisories are also available from the GraphQL API.