Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,748
Erlang
35
GitHub Actions
29
Go
2,321
Maven
5,000+
npm
3,955
NuGet
712
pip
3,736
Pub
12
RubyGems
921
Rust
972
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,708 advisories

Loading
phpMyFAQ Stored Cross-site Scripting vulnerability Moderate
CVE-2023-0308 was published for thorsten/phpmyfaq (Composer) Jan 16, 2023
phpMyFAQ Stored Cross-site Scripting vulnerability Moderate
CVE-2023-0309 was published for thorsten/phpmyfaq (Composer) Jan 16, 2023
phpMyFAQ Stored Cross-site Scripting vulnerability Moderate
CVE-2023-0310 was published for thorsten/phpmyfaq (Composer) Jan 16, 2023
CakePHP vulnerable to Cross-site Scripting in some development error pages Moderate
GHSA-xwhj-pqcg-8rcr was published for cakephp/cakephp (Composer) Jan 20, 2023
CakePHP vulnerable to Remote File Inclusion through View template name manipulation Moderate
GHSA-p76f-wr22-4rv6 was published for cakephp/cakephp (Composer) Jan 20, 2023
CakePHP allows direct access of prefixed controller actions Moderate
GHSA-6hg4-vp5q-47mw was published for cakephp/cakephp (Composer) Jan 20, 2023
CakePHP SecurityComponent cross form submission issue Moderate
GHSA-j9q2-f9q7-jhgq was published for cakephp/cakephp (Composer) Jan 20, 2023
Shopware has Improper Input Validation issue in newsletter subscription Moderate
CVE-2023-22734 was published for shopware/core (Composer) Jan 20, 2023
CakePHP has incorrect Cross-Site Request Forgery validation Moderate
GHSA-829q-v5g8-hhxc was published for cakephp/cakephp (Composer) Jan 20, 2023
PocketMine-MP vulnerable to denial-of-service by sending large modal form responses Moderate
GHSA-7m9r-rq9j-wmmh was published for pocketmine/pocketmine-mp (Composer) Jan 10, 2023
AkmalFairuz
phpxmlrpc vulnerable to argument injection Moderate
GHSA-q7qq-9gx2-ggxv was published for phpxmlrpc/phpxmlrpc (Composer) Dec 2, 2022
OroCommerce vulnerable to XSS when adding class name to Selector Manager on pages that use GrapeJS editor Moderate
GHSA-6f85-3f8q-qc94 was published for oro/commerce (Composer) Jul 15, 2022
Bypass of CMS Safe Mode Security Feature Moderate
GHSA-q37h-jhf3-85cj was published for wintercms/winter (Composer) Jul 15, 2022
cydave
XML-RPC for PHP allows access to local files via malicious argument to the Client::send method Moderate
GHSA-m95x-m25c-w9mp was published for phpxmlrpc/phpxmlrpc (Composer) Jan 11, 2023
TatianaGarcia94
XML-RPC for PHP's `Wrapper::buildClientWrapperCode` method allows code injection via malicious `$client` argument Moderate
GHSA-7vcx-v65q-9wpg was published for phpxmlrpc/phpxmlrpc (Composer) Jan 11, 2023
TatianaGarcia94
XML-RPC for PHP's debugger vulnerable to possible XSS attack Moderate
GHSA-pxqj-xrv5-qvjf was published for phpxmlrpc/phpxmlrpc (Composer) Jan 11, 2023
Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5 Moderate
CVE-2020-26255 was published for getkirby/cms (Composer) Dec 8, 2020
XSS in various backend modules due to (un)escaping in JS notification module Moderate
GHSA-jfxf-4frr-9j3q was published for neos/neos (Composer) May 25, 2022
Denial-of-service vulnerability processing large chat messages containing many newlines Moderate
GHSA-gj94-v4p9-w672 was published for pocketmine/pocketmine-mp (Composer) May 25, 2022
Improper Certificate Validation in node-sass affects eZ Platform Moderate
GHSA-6v6p-g8cg-2hgg was published for ezsystems/ezplatform-admin-ui (Composer) Apr 1, 2022
Object injection in cookie driver in phpfastcache Moderate
CVE-2019-16774 was published for phpfastcache/phpfastcache (Composer) Dec 12, 2019
Geolim4
Possibility for Denial of Service by overwriting PHP files with language exports Moderate
GHSA-3fvf-2gp4-89wq was published for barryvdh/laravel-translation-manager (Composer) Mar 18, 2022
Improper regex in htaccess file Moderate
CVE-2022-25769 was published for mautic/core (Composer) Mar 1, 2022
mollux
Impersonation of other users (passing XBOX Live authentication) by theft of logins in PocketMine-MP Moderate
GHSA-h79x-98r2-g6qc was published for pocketmine/pocketmine-mp (Composer) Jan 21, 2022
Insufficient Session Expiration in Pterodactyl API Moderate
GHSA-7v3x-h7r2-34jv was published for pterodactyl/panel (Composer) Jan 21, 2022
EgoMaw
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database