GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,023
Erlang
29
GitHub Actions
16
Go
1,830
Maven
5,000+
npm
3,573
NuGet
632
pip
3,156
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+
177 advisories
Filter by severity
Concrete CMS Stored XSS on the calendar color settings screen
Low
CVE-2024-2753
was published
for
concrete5/concrete5
(Composer)
Apr 3, 2024
Concrete CMS Stored XSS in the Custom Class page editing
Low
CVE-2024-3179
was published
for
concrete5/concrete5
(Composer)
Apr 3, 2024
Concrete CMS Stored XSS in the Search Field
Low
CVE-2024-3181
was published
for
concrete5/concrete5
(Composer)
Apr 3, 2024
Concrete CMS Stored XSS in blocks of type file
Low
CVE-2024-3180
was published
for
concrete5/concrete5
(Composer)
Apr 3, 2024
RosarioSIS cross site scripting vulnerability
Low
CVE-2024-3138
was published
for
francoisjacquet/rosariosis
(Composer)
Apr 2, 2024
phpMyFAQ Path Traversal in Attachments
Low
CVE-2024-29196
was published
for
phpmyfaq/phpmyfaq
(Composer)
Mar 25, 2024
[TagAwareCipher] - Decryption Failure (Regex Match)
Low
CVE-2024-28864
was published
for
ilicmiljan/secure-props
(Composer)
Mar 18, 2024
Concrete CMS Stored Cross-site Scripting vulnerability
Low
CVE-2024-2179
was published
for
concrete5/concrete5
(Composer)
Mar 5, 2024
Concrete CMS Stored XSS
Low
CVE-2023-49337
was published
for
concrete5/concrete5
(Composer)
Feb 29, 2024
Authorization Bypass in moodle
Low
CVE-2024-25983
was published
for
moodle/moodle
(Composer)
Feb 19, 2024
Concrete CMS vulnerable to stored XSS via the Role Name field
Low
CVE-2024-1247
was published
for
concrete5/concrete5
(Composer)
Feb 9, 2024
Concrete CMS vulnerable to reflected XSS via the Image URL Import Feature
Low
CVE-2024-1246
was published
for
concrete5/concrete5
(Composer)
Feb 9, 2024
Concrete CMS vulnerable to stored XSS in file tags and description attributes
Low
CVE-2024-1245
was published
for
concrete5/concrete5
(Composer)
Feb 9, 2024
Sulu HTML Injection via Autocomplete Suggestion
Low
CVE-2024-24807
was published
for
sulu/sulu
(Composer)
Feb 5, 2024
Bref vulnerable to Body Parsing Inconsistency in Event-Driven Functions
Low
CVE-2024-24754
was published
for
bref/bref
(Composer)
Feb 1, 2024
Flarum's logout Route allows open redirects
Low
CVE-2024-21641
was published
for
flarum/core
(Composer)
Jan 5, 2024
Gila CMS SQL Injection vulnerability
Low
CVE-2020-26625
was published
for
gilacms/gila
(Composer)
Jan 3, 2024
Gila CMS SQL Injection vulnerability
Low
CVE-2020-26624
was published
for
gilacms/gila
(Composer)
Jan 3, 2024
Winter CMS Local File Inclusion through Server Side Template Injection
Low
CVE-2023-52085
was published
for
winter/wn-backend-module
(Composer)
Jan 2, 2024
Winter CMS Stored XSS through Backend ColorPicker FormWidget
Low
CVE-2023-52084
was published
for
winter/wn-backend-module
(Composer)
Dec 28, 2023
Winter CMS Stored XSS through privileged upload of Media Manager file followed by renaming
Low
CVE-2023-52083
was published
for
winter/wn-system-module
(Composer)
Dec 28, 2023
Stored Cross-site scripting affecting automad/automad
Low
CVE-2023-7035
was published
for
automad/automad
(Composer)
Dec 21, 2023
yii2-authclient vulnerable to possible timing attack on string comparison in OAuth1, OAuth2 and OpenID Connect implementation
Low
CVE-2023-50708
was published
for
yiisoft/yii2-authclient
(Composer)
Dec 18, 2023
Microweber missing standardized error handling mechanism
Low
CVE-2023-6599
was published
for
microweber/microweber
(Composer)
Dec 8, 2023
Concrete CMS Cross-site Scripting vulnerability
Low
CVE-2023-48649
was published
for
concrete5/concrete5
(Composer)
Nov 17, 2023
ProTip!
Advisories are also available from the
GraphQL API