GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

81 advisories

Prevent injection of invalid entity ids for "autocomplete" fields Moderate
CVE-2023-41336 was published for symfony/ux-autocomplete (Composer) Sep 11, 2023
janklan
PrestaShop file deletion via CustomerMessage Moderate
CVE-2023-39530 was published for prestashop/prestashop (Composer) Aug 9, 2023
kto94
PrestaShop file deletion via attachment API Moderate
CVE-2023-39529 was published for prestashop/prestashop (Composer) Aug 9, 2023
kto94
omeka/omeka-s Improper Input Validation vulnerability Moderate
CVE-2023-4157 was published for omeka/omeka-s (Composer) Aug 4, 2023
Pimcore vulnerable to Business Logic Errors via Customer automation rules Moderate
CVE-2023-32075 was published for pimcore/customer-management-framework-bundle (Composer) May 11, 2023
khanhchauminh
Firefly III vulnerable to improper input validation Moderate
CVE-2023-1789 was published for grumpydictator/firefly-iii (Composer) Apr 1, 2023
phpMyFAQ vulnerable to improper input validation Moderate
CVE-2023-1754 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
Moodle arbitrary file read vulnerability Moderate
CVE-2023-28330 was published for moodle/moodle (Composer) Mar 23, 2023
Moodle Improper Input Validation vulnerability Moderate
CVE-2021-36402 was published for moodle/moodle (Composer) Mar 7, 2023
Shopware has Improper Input Validation issue in newsletter subscription Moderate
CVE-2023-22734 was published for shopware/core (Composer) Jan 20, 2023
Shopware vulnerable to Improper Input Validation of Clearance sale in cart Moderate
CVE-2023-22730 was published for shopware/core (Composer) Jan 17, 2023
JoshuaBehrens aragon999
Browsershot version 3.57.3 vulnerable to improper input validation Moderate
CVE-2022-43984 was published for spatie/browsershot (Composer) Nov 25, 2022
tdunlap607
ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent Moderate
CVE-2022-36032 was published for react/http (Composer) Sep 16, 2022
lavish
Magento Improper input validation vulnerability Moderate
CVE-2021-28585 was published for magento/community-edition (Composer) May 24, 2022
Froxlor Information Disclosure Moderate
CVE-2020-10236 was published for froxlor/froxlor (Composer) May 24, 2022
Magento 2 Community Edition Information Disclosure Moderate
CVE-2019-7898 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition Information Disclosure Moderate
CVE-2019-7899 was published for magento/community-edition (Composer) May 24, 2022
Moodle Private files uploaded via incoming mail processing could bypass quota restrictions Moderate
CVE-2019-10134 was published for moodle/moodle (Composer) May 24, 2022
Typo3 API XSS Vulnerabilities Moderate
CVE-2012-1608 was published for typo3/cms (Composer) May 17, 2022
Silverstripe CMS Arbitrary Code Execution Moderate
CVE-2011-4962 was published for silverstripe/cms (Composer) May 17, 2022
Drupal Open Redirect Moderate
CVE-2012-1589 was published for drupal/drupal (Composer) May 17, 2022
TYPO3 allows remote attackers to embed Flash videos from external domain Moderate
CVE-2015-8760 was published for typo3/cms (Composer) May 17, 2022
Drupal Denial of service via transliterate mechanism Moderate
CVE-2016-9452 was published for drupal/core (Composer) May 17, 2022
phpMyAdmin Improper Input Validation Moderate
CVE-2016-2562 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
TYPO3 OpenID extension Open redirect vulnerability Moderate
CVE-2013-7079 was published for friendsoftypo3/openid (Composer) May 17, 2022
ProTip! Advisories are also available from the GraphQL API