GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

4,023 advisories

Insufficient output escaping of attachment names in PHPMailer (High)
CVE-2020-13625 was published for phpmailer/phpmailer (Composer) May 27, 2020
Local File read vulnerability in OctoberCMS (Moderate)
CVE-2020-5295 was published for october/cms (Composer) Jun 3, 2020
staz0t
Arbitrary File Deletion vulnerability in OctoberCMS (Moderate)
CVE-2020-5296 was published for october/cms (Composer) Jun 3, 2020
staz0t
Upload whitelisted files to any directory in OctoberCMS (Low)
CVE-2020-5297 was published for october/cms (Composer) Jun 3, 2020
staz0t
Reflected XSS when importing CSV in OctoberCMS (Moderate)
CVE-2020-5298 was published for october/backend (Composer) Jun 3, 2020
staz0t
Potential CSV Injection vector in OctoberCMS (Moderate)
CVE-2020-5299 was published for october/backend (Composer) Jun 3, 2020
staz0t
Potential unauthorized access to stored request & session data when plugin is misconfigured in October CMS Debugbar (Moderate)
CVE-2020-11094 was published for rainlab/debugbar-plugin (Composer) Jun 3, 2020
vogon101
Use of insecure jQuery version in OctoberCMS (Moderate)
GHSA-v73w-r9xg-7cr9 was published for october/october (Composer) Jun 5, 2020
mrgswift
The filename of uploaded files vulnerable to stored XSS (High)
CVE-2020-4041 was published for bolt/bolt (Composer) Jun 9, 2020
staz0t
CSRF issue on preview pages in Bolt CMS (High)
CVE-2020-4040 was published for bolt/bolt (Composer) Jun 9, 2020
staz0t
Phar unserialization vulnerability in phpMussel (High)
CVE-2020-4043 was published for Maikuolan/phpMussel (Composer) Jun 10, 2020
Maikuolan
Cross-site Scripting in October (Low)
CVE-2020-4061 was published for october/backend (Composer) Jul 2, 2020
tomaszstrojny
Potentially sensitive data exposure in Symfony Web Socket Bundle (Moderate)
GHSA-wwgf-3xp7-cxj4 was published for gos/web-socket-bundle (Composer) Jul 7, 2020
phproberto
Broken access control on files (Moderate)
CVE-2019-14273 was published for silverstripe/framework (Composer) Jul 15, 2020
Potential Remote Code Execution in TYPO3 with mediace extension (Critical)
CVE-2020-15086 was published for friendsoftypo3/mediace (Composer) Jul 29, 2020
ohader
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS (High)
CVE-2020-15098 was published for typo3/cms (Composer) Jul 29, 2020
ohader
Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS (High)
CVE-2020-15099 was published for typo3/cms (Composer) Jul 29, 2020
ohader
Incorrect access control in typo3_forum (Moderate)
CVE-2020-15513 was published for mittwald/typo3_forum (Composer) Jul 29, 2020
Remote code execution in turn extension for TYPO3 (High)
CVE-2020-15515 was published for marcwillmann/turn (Composer) Jul 29, 2020
Cross-site Scripting vulnerability in Kitodo.Presentation (Moderate)
CVE-2020-16095 was published for kitodo/presentation (Composer) Jul 31, 2020
ohader
Stored XSS in October (Low)
CVE-2020-11083 was published for october/backend (Composer) Aug 5, 2020
staz0t
Reliance on Cookies without validation in OctoberCMS (Moderate)
CVE-2020-15128 was published for october/rain (Composer) Aug 5, 2020
Reset Password / Login vulnerability in Sulu (Moderate)
CVE-2020-15132 was published for sulu/sulu (Composer) Aug 5, 2020
Synacktiv-contrib TomKeur
Prokyonn
Observable Timing Discrepancy in OpenMage LTS (High)
CVE-2020-15151 was published for openmage/magento-lts (Composer) Aug 19, 2020
Flyingmana theroch
Remote Code Execution in SyliusResourceBundle (Critical)
CVE-2020-15146 was published for sylius/resource-bundle (Composer) Aug 19, 2020
isometriks tdunlap607