Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,714
Erlang
34
GitHub Actions
28
Go
2,301
Maven
5,000+
npm
3,942
NuGet
711
pip
3,711
Pub
12
RubyGems
920
Rust
960
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,682 advisories

Loading
Canceling of orders not related to the logged-in user Moderate
GHSA-wq3r-jwrq-xg6w was published for shopware/core (Composer) Jun 28, 2021
Authenticated Stored XSS in Administration Moderate
GHSA-f6p7-8xfw-fjqq was published for shopware/shopware (Composer) May 21, 2021
CKEditor 4 vulnerabilities in versions <4.16.1 Moderate
GHSA-cfcv-q4qq-2ph4 was published for pimcore/pimcore (Composer) Aug 23, 2021
non-admin users can create integration role with administrator role Moderate
GHSA-243q-g9j3-qf6r was published for shopware/core (Composer) Jun 28, 2021
XSS in richtext custom tag attributes in ezsystems/ezplatform-richtext Moderate
GHSA-9jp8-cwwx-p64q was published for ezsystems/ezplatform-admin-ui (Composer) Dec 1, 2021
TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection Moderate
GHSA-gqqf-g5r7-84vf was published for typo3/cms-core (Composer) Sep 15, 2022
XSS vulnerability in translations Moderate
GHSA-rrgw-3hg3-9x8c was published for oro/platform (Composer) Jan 12, 2022
Book page text, count, and author/title length is not limited in PocketMine-MP Moderate
GHSA-p62j-hrxm-xcxf was published for pocketmine/pocketmine-mp (Composer) Jan 6, 2022
Insufficient Session Expiration in Pterodactyl API Moderate
GHSA-7v3x-h7r2-34jv was published for pterodactyl/panel (Composer) Jan 21, 2022
EgoMaw
Impersonation of other users (passing XBOX Live authentication) by theft of logins in PocketMine-MP Moderate
GHSA-h79x-98r2-g6qc was published for pocketmine/pocketmine-mp (Composer) Jan 21, 2022
Improper regex in htaccess file Moderate
CVE-2022-25769 was published for mautic/core (Composer) Mar 1, 2022
mollux
Possibility for Denial of Service by overwriting PHP files with language exports Moderate
GHSA-3fvf-2gp4-89wq was published for barryvdh/laravel-translation-manager (Composer) Mar 18, 2022
Object injection in cookie driver in phpfastcache Moderate
CVE-2019-16774 was published for phpfastcache/phpfastcache (Composer) Dec 12, 2019
Geolim4
Improper Certificate Validation in node-sass affects eZ Platform Moderate
GHSA-6v6p-g8cg-2hgg was published for ezsystems/ezplatform-admin-ui (Composer) Apr 1, 2022
Denial-of-service vulnerability processing large chat messages containing many newlines Moderate
GHSA-gj94-v4p9-w672 was published for pocketmine/pocketmine-mp (Composer) May 25, 2022
XSS in various backend modules due to (un)escaping in JS notification module Moderate
GHSA-jfxf-4frr-9j3q was published for neos/neos (Composer) May 25, 2022
Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5 Moderate
CVE-2020-26255 was published for getkirby/cms (Composer) Dec 8, 2020
XML-RPC for PHP's debugger vulnerable to possible XSS attack Moderate
GHSA-pxqj-xrv5-qvjf was published for phpxmlrpc/phpxmlrpc (Composer) Jan 11, 2023
XML-RPC for PHP's `Wrapper::buildClientWrapperCode` method allows code injection via malicious `$client` argument Moderate
GHSA-7vcx-v65q-9wpg was published for phpxmlrpc/phpxmlrpc (Composer) Jan 11, 2023
TatianaGarcia94
XML-RPC for PHP allows access to local files via malicious argument to the Client::send method Moderate
GHSA-m95x-m25c-w9mp was published for phpxmlrpc/phpxmlrpc (Composer) Jan 11, 2023
TatianaGarcia94
Bypass of CMS Safe Mode Security Feature Moderate
GHSA-q37h-jhf3-85cj was published for wintercms/winter (Composer) Jul 15, 2022
cydave
OroCommerce vulnerable to XSS when adding class name to Selector Manager on pages that use GrapeJS editor Moderate
GHSA-6f85-3f8q-qc94 was published for oro/commerce (Composer) Jul 15, 2022
phpxmlrpc vulnerable to argument injection Moderate
GHSA-q7qq-9gx2-ggxv was published for phpxmlrpc/phpxmlrpc (Composer) Dec 2, 2022
PocketMine-MP vulnerable to denial-of-service by sending large modal form responses Moderate
GHSA-7m9r-rq9j-wmmh was published for pocketmine/pocketmine-mp (Composer) Jan 10, 2023
AkmalFairuz
CakePHP has incorrect Cross-Site Request Forgery validation Moderate
GHSA-829q-v5g8-hhxc was published for cakephp/cakephp (Composer) Jan 20, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database