Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,748
Erlang
35
GitHub Actions
29
Go
2,321
Maven
5,000+
npm
3,955
NuGet
712
pip
3,736
Pub
12
RubyGems
921
Rust
972
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,264 advisories

Loading
LTI 1.3 Tool Library's Nonce Claim Value not validated against nonce value sent in Authentication Request before v5.0 High
CVE-2022-31158 was published for packbackbooks/lti-1-3-php-library (Composer) Jul 15, 2022
Feehi CMS arbitrary code execution via crafted PHP file High
CVE-2022-34971 was published for feehi/cms (Composer) Jul 28, 2022
ICEcoder vulnerable to Path Traversal High
CVE-2022-34026 was published for icecoder/icecoder (Composer) Sep 23, 2022
Possible cross-site scripting attack via unsanitized SVG files in FoF Upload High
CVE-2022-30999 was published for fof/upload (Composer) May 25, 2022
Caesar302
Cachet configuration leak High
CVE-2021-39174 was published for cachethq/cachet (Composer) Aug 30, 2021
thomas-chauchefoin-sonarsource
SQL Injection in dolibarr High
CVE-2022-0224 was published for dolibarr/dolibarr (Composer) Jan 21, 2022
Command injection in librenms High
CVE-2022-29712 was published for librenms/librenms (Composer) Jun 3, 2022
Cachet vulnerable to forced reinstall High
CVE-2021-39173 was published for cachethq/cachet (Composer) Aug 30, 2021
thomas-chauchefoin-sonarsource
Exposure of password hashes in notrinos/notrinos-erp High
CVE-2022-2921 was published for notrinos/notrinos-erp (Composer) Aug 22, 2022
Missing password strength check in notrinos/notrinos-erp High
CVE-2022-2927 was published for notrinos/notrinos-erp (Composer) Aug 23, 2022
The filename of uploaded files vulnerable to stored XSS High
CVE-2020-4041 was published for bolt/bolt (Composer) Jun 9, 2020
staz0t
CSRF issue on preview pages in Bolt CMS High
CVE-2020-4040 was published for bolt/bolt (Composer) Jun 9, 2020
staz0t
melisplatform/melis-asset-manager vulnerable to Path Traversal High
CVE-2022-39296 was published for melisplatform/melis-asset-manager (Composer) Oct 11, 2022
Akeneo PIM Community Edition vulnerable to remote php code execution High
CVE-2022-46157 was published for akeneo/pim-community-dev (Composer) Dec 9, 2022
October CMS auth bypass and account takeover High
CVE-2021-29487 was published for october/system (Composer) Aug 30, 2021
Concrete CMS vulnerable to Cross-site Request Forgery High
CVE-2022-43693 was published for concrete5/concrete5 (Composer) Nov 14, 2022
Grav's Twig processing allowing dangerous PHP functions by default High
CVE-2021-29440 was published for getgrav/grav (Composer) Apr 16, 2021
thomas-chauchefoin-sonarsource
October CMS Safe Mode bypass leads to authenticated Remote Code Execution High
CVE-2022-35944 was published for october/system (Composer) Oct 13, 2022
cydave daftspunk
elFinder unsafe upload filtering leading to remote code execution High
CVE-2021-23394 was published for studio-42/elfinder (Composer) Jun 15, 2021
assaf-benjosef thomas-chauchefoin-sonarsource
Dolibarr vulnerable to Improper Authentication and Improper Access Control High
CVE-2021-25956 was published for dolibarr/dolibarr (Composer) Sep 2, 2021
Centreon SQL Injection vulnerability via esc_name parameter High
CVE-2022-40043 was published for centreon/centreon (Composer) Sep 27, 2022
CodeIgniter4 Potential Session Handlers Vulnerability High
CVE-2022-46170 was published for codeigniter4/framework (Composer) Dec 22, 2022
srtnlgn
Exposure of Sensitive Information to an Unauthorized Actor High
CVE-2021-32717 was published for shopware/platform (Composer) Sep 8, 2021
Command injection in mail agent settings High
CVE-2021-37708 was published for shopware/core (Composer) Aug 30, 2021
Malfunction of CSRF token validation in Shopware High
CVE-2022-24879 was published for shopware/shopware (Composer) Apr 28, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database