Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,023
Erlang
29
GitHub Actions
16
Go
1,830
Maven
5,000+
npm
3,573
NuGet
632
pip
3,156
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+

177 advisories

Loading
Business Logic Errors in microweber Low
CVE-2022-0688 was published for microweber/microweber (Composer) Feb 21, 2022
Insufficient user authorization in Moodle Low
CVE-2022-0333 was published for moodle/moodle (Composer) Jan 28, 2022
Insufficient Session Expiration in shopware Low
CVE-2022-21652 was published for shopware/shopware (Composer) Jan 6, 2022
Inability to de-op players if listed in ops.txt with non-lowercase letters Low
GHSA-j5qg-w9jg-3wg3 was published for pocketmine/pocketmine-mp (Composer) Dec 16, 2021
Cross-Site Request Forgery in remdex/livehelperchat Low
CVE-2021-4049 was published for remdex/livehelperchat (Composer) Dec 10, 2021
bookstack is vulnerable to Cross-Site Request Forgery (CSRF) Low
CVE-2021-3944 was published for ssddanbrown/bookstack (Composer) Dec 3, 2021
snipe-it is vulnerable to Cross-site Scripting Low
CVE-2021-3938 was published for snipe/snipe-it (Composer) Nov 15, 2021
Cross-Site Request Forgery in firefly-iii Low
CVE-2021-3901 was published for grumpydictator/firefly-iii (Composer) Oct 28, 2021
pterodactyl/panel CSRF allowing an external page to trigger a user logout event Low
CVE-2021-41176 was published for pterodactyl/panel (Composer) Oct 25, 2021
HDVinnie
Improper Input Validation in Firefly III Low
CVE-2019-14671 was published for grumpydictator/firefly-iii (Composer) Sep 8, 2021
Use of a Broken or Risky Cryptographic Algorithm Low
CVE-2021-27913 was published for mautic/core (Composer) Sep 1, 2021
michaellrowley mohit-rocks
tdunlap607
Creation of order credits was not validated by acl in admin orders Low
GHSA-g7w8-pp9w-7p32 was published for shopware/core (Composer) Jun 28, 2021
Croos-site scripting in Croogo Low
CVE-2019-20789 was published for croogo/croogo (Composer) Jun 22, 2021
User enumeration in authentication mechanisms Low
GHSA-g2qj-pmxm-9f8f was published for symfony/security-http (Composer) May 17, 2021
User enumeration in authentication mechanisms Low
GHSA-2frx-j9hj-6c65 was published for lexik/jwt-authentication-bundle (Composer) May 17, 2021
mbrodala chalasr
User (Encrypted) Password Field Being Serialised Low
GHSA-7fjp-g4m7-fx23 was published for pwweb/laravel-core (Composer) Apr 13, 2021
Potential Session Hijacking Low
GHSA-h9q8-5gv2-v6mg was published for shopware/platform (Composer) Mar 12, 2021
Potential Host Header Poisoning on misconfigured servers Low
CVE-2021-21265 was published for october/backend (Composer) Mar 10, 2021
Generation of fake documents via public GET-call Low
GHSA-jvg4-9rc2-wvcr was published for shopware/platform (Composer) Feb 10, 2021
Blind SQL injection in PrestaShop productcomments module Low
CVE-2020-26248 was published for prestashop/productcomments (Composer) Jan 20, 2021
0xfadam
Authenticated Server Side Request Forgery Low
GHSA-8pfh-mm2g-hmc3 was published for shopware/core (Composer) Dec 21, 2020
Information exposure via query strings in URL Low
GHSA-cq6h-w3mc-57f4 was published for shopware/core (Composer) Dec 21, 2020
Authenticated Privilege Escalation Low
GHSA-5q58-x5h2-v5rx was published for shopware/core (Composer) Dec 21, 2020
XML External Entity in Dashboard Widget Low
CVE-2020-26229 was published for typo3/cms (Composer) Nov 23, 2020
Bypass of fix for CVE-2020-15247, Twig sandbox escape Low
CVE-2020-26231 was published for october/cms (Composer) Nov 23, 2020
ka1n4t
ProTip! Advisories are also available from the GraphQL API