GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 19,726
Composer 4,023
Erlang 29
GitHub Actions 16
Go 1,830
Maven 5,045
npm 3,573
NuGet 632
pip 3,156
Pub 10
RubyGems 847
Rust 796
Swift 34

Unreviewed advisories

All unreviewed 224,724

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

2,318 advisories

Filter by severity

Sort by

Least recently updated

Cross-Site Scripting in Fluid view helpers Moderate

CVE-2020-26227 was published for typo3/cms (Composer) Dec 21, 2020

Cross-Site Scripting in Grav Moderate

GHSA-cvmr-6428-87w9 was published for getgrav/grav (Composer) Dec 10, 2020

Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5 Moderate

CVE-2020-26255 was published for getkirby/cms (Composer) Dec 8, 2020

Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled. Moderate

CVE-2020-15247 was published for october/cms (Composer) Nov 23, 2020

Reflected XSS with parameters in PostComment Moderate

CVE-2020-26225 was published for prestashop/productcomments (Composer) Nov 16, 2020

Authenticated XML External Entity Processing Moderate

GHSA-8xv9-qcr9-ww9j was published for shopware/core (Composer) Oct 19, 2020

Ability to switch customer email address on account detail page and stay verified Moderate

CVE-2020-15245 was published for sylius/sylius (Composer) Oct 19, 2020

XSS vulnerability when listing users on add & modify server pages. Moderate

GHSA-5822-pw57-vv37 was published for pterodactyl/panel (Composer) Oct 8, 2020

Cross-Site Scripting in ternary conditional operator Moderate

CVE-2020-15241 was published for typo3/cms (Composer) Oct 8, 2020

Contao Insert tag injection in forms Moderate

CVE-2020-25768 was published for contao/contao (Composer) Sep 24, 2020

Information Disclosure in TYPO3 extension sf_event_mgt Moderate

CVE-2020-25026 was published for derhansen/sf_event_mgt (Composer) Sep 2, 2020

Reset Password / Login vulnerability in Sulu Moderate

CVE-2020-15132 was published for sulu/sulu (Composer) Aug 5, 2020

Reliance on Cookies without validation in OctoberCMS Moderate

CVE-2020-15128 was published for october/rain (Composer) Aug 5, 2020

Cross-site Scripting vulnerability in Kitodo.Presentation Moderate

CVE-2020-16095 was published for kitodo/presentation (Composer) Jul 31, 2020

Incorrect access control in typo3_forum Moderate

CVE-2020-15513 was published for mittwald/typo3_forum (Composer) Jul 29, 2020

Broken access control on files Moderate

CVE-2019-14273 was published for silverstripe/framework (Composer) Jul 15, 2020

Potentially sensitive data exposure in Symfony Web Socket Bundle Moderate

GHSA-wwgf-3xp7-cxj4 was published for gos/web-socket-bundle (Composer) Jul 7, 2020

Use of insecure jQuery version in OctoberCMS Moderate

GHSA-v73w-r9xg-7cr9 was published for october/october (Composer) Jun 5, 2020

Potential unauthorized access to stored request & session data when plugin is misconfigured in October CMS Debugbar Moderate

CVE-2020-11094 was published for rainlab/debugbar-plugin (Composer) Jun 3, 2020

Potential CSV Injection vector in OctoberCMS Moderate

CVE-2020-5299 was published for october/backend (Composer) Jun 3, 2020

Reflected XSS when importing CSV in OctoberCMS Moderate

CVE-2020-5298 was published for october/backend (Composer) Jun 3, 2020

Arbitrary File Deletion vulnerability in OctoberCMS Moderate

CVE-2020-5296 was published for october/cms (Composer) Jun 3, 2020

Local File read vulnerability in OctoberCMS Moderate

CVE-2020-5295 was published for october/cms (Composer) Jun 3, 2020

XSS in Dolibarr Moderate

CVE-2020-13094 was published for dolibarr/dolibarr (Composer) May 21, 2020

Cross-Site Scripting in TYPO3 CMS Link Handling Moderate

CVE-2020-11065 was published for typo3/cms (Composer) May 13, 2020

Previous 1 2 … 89 90 91 92 93 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

2,318 advisories