Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,344
Erlang
31
GitHub Actions
22
Go
2,112
Maven
5,000+
npm
3,767
NuGet
680
pip
3,453
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

211 advisories

Loading
Concrete CMS vulnerable to reflected XSS via the Image URL Import Feature Low
CVE-2024-1246 was published for concrete5/concrete5 (Composer) Feb 9, 2024
Concrete CMS vulnerable to stored XSS in file tags and description attributes Low
CVE-2024-1245 was published for concrete5/concrete5 (Composer) Feb 9, 2024
Concrete CMS vulnerable to stored XSS via the Role Name field Low
CVE-2024-1247 was published for concrete5/concrete5 (Composer) Feb 9, 2024
XML External Entity in Dashboard Widget Low
CVE-2020-26229 was published for typo3/cms (Composer) Nov 23, 2020
TYPO3 Backend vulnerable to Cross-site Scripting Low
CVE-2009-3629 was published for typo3/cms-backend (Composer) May 2, 2022
Symfony Session Fixation Vulnerability Low
CVE-2015-8124 was published for symfony/security (Composer) May 14, 2022
Drupal cross-site scripting vulnerability via actions feature and trigger module Low
CVE-2010-3094 was published for drupal/drupal (Composer) May 17, 2022
TYPO3 Cross-site scripting (XSS) vulnerability in the click enlarge functionality Low
CVE-2010-5097 was published for typo3/cms-frontend (Composer) May 17, 2022
TYPO3 Cross-site scripting (XSS) vulnerability in the FORM content object Low
CVE-2010-5098 was published for typo3/cms-frontend (Composer) May 17, 2022
TYPO3 Cross-Site Scripting vulnerability in the Install Tool Low
CVE-2010-5100 was published for typo3/cms-install (Composer) May 17, 2022
Information disclosure of source code in SimpleSAMLphp Low
CVE-2020-5301 was published for simplesamlphp/simplesamlphp (Composer) Apr 22, 2020
slawn
Sulu HTML Injection via Autocomplete Suggestion Low
CVE-2024-24807 was published for sulu/sulu (Composer) Feb 5, 2024
Use of a Broken or Risky Cryptographic Algorithm Low
CVE-2021-27913 was published for mautic/core (Composer) Sep 1, 2021
michaellrowley mohit-rocks
tdunlap607
Typo3 XSS Vulnerabilities Low
CVE-2014-3943 was published for typo3/cms (Composer) May 14, 2022
Prevent cache poisoning via a Response Content-Type header in Symfony Low
CVE-2020-5255 was published for symfony/http-foundation (Composer) Mar 30, 2020
xavierlacot yceruto
Tobion
SilverStripe Priviledge escalation through cache pollution Low
CVE-2019-12617 was published for silverstripe/framework (Composer) Nov 12, 2019
Bref vulnerable to Body Parsing Inconsistency in Event-Driven Functions Low
CVE-2024-24754 was published for bref/bref (Composer) Feb 1, 2024
smaury
Moodle allows attackers to bypass intended login restrictions Low
CVE-2015-3179 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle cross-site scripting (XSS) vulnerability Low
CVE-2015-3178 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle does not set the RISK_XSS bit for graders Low
CVE-2015-3174 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle cross-site scripting (XSS) vulnerability Low
CVE-2015-2273 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle does not set the RISK_XSS bit for graders Low
CVE-2015-0216 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle cross-site scripting (XSS) vulnerability Low
CVE-2015-0212 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle XSS Vulnerability Low
CVE-2015-2269 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle allows attackers to upload files containing JavaScript Low
CVE-2014-7835 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database