GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,715
Erlang
34
GitHub Actions
28
Go
2,302
Maven
5,000+
npm
3,946
NuGet
711
pip
3,716
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+
4,716 advisories
Filter by severity
Private data exposure via REST API in BuddyPress
High
CVE-2020-5244
was published
for
buddypress/buddypress
(Composer)
Feb 24, 2020
Reflected XSS in SilverStripe
Moderate
CVE-2019-19325
was published
for
silverstripe/framework
(Composer)
Feb 24, 2020
Sanitizer bypass in svg-sanitizer
Moderate
CVE-2019-10772
was published
for
enshrined/svg-sanitize
(Composer)
Feb 27, 2020
class.upload.php in verot.net omits .pht from the set of dangerous file extensions
Critical
CVE-2019-19634
was published
for
verot/class.upload.php
(Composer)
Feb 28, 2020
Phar object injection in PHPMailer
High
CVE-2018-19296
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
Local file disclosure in PHPMailer
Moderate
CVE-2017-5223
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
Cross-site scripting in PHPMailer
Moderate
CVE-2017-11503
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
Remote code execution in PHPMailer
Critical
CVE-2016-10045
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
Remote code execution in PHPMailer
Critical
CVE-2016-10033
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
SMTP Injection in PHPMailer
Low
CVE-2015-8476
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
Remote Code Execution Through Image Uploads in BookStack
High
CVE-2020-5256
was published
for
ssddanbrown/bookstack
(Composer)
Mar 13, 2020
Prevent cache poisoning via a Response Content-Type header in Symfony
Low
CVE-2020-5255
was published
for
symfony/http-foundation
(Composer)
Mar 30, 2020
Exceptions displayed in non-debug configurations in Symfony
Moderate
CVE-2020-5274
was published
for
symfony/error-handler
(Composer)
Mar 30, 2020
Firewall configured with unanimous strategy was not actually unanimous in Symfony
High
CVE-2020-5275
was published
for
symfony/security
(Composer)
Mar 30, 2020
XSS injection in the Grid component of Sylius
Moderate
CVE-2019-12186
was published
for
sylius/grid
(Composer)
Apr 15, 2020
Information disclosure of source code in SimpleSAMLphp
Low
CVE-2020-5301
was published
for
simplesamlphp/simplesamlphp
(Composer)
Apr 22, 2020
Potential XSS vulnerability in jQuery
Moderate
CVE-2020-11022
was published
for
athlon1600/youtube-downloader
(RubyGems)
Apr 29, 2020
Potential XSS vulnerability in jQuery
Moderate
CVE-2020-11023
was published
for
components/jquery
(RubyGems)
Apr 29, 2020
Cross-Site Scripting in BookStack
Moderate
CVE-2020-11055
was published
for
ssddanbrown/bookstack
(Composer)
May 7, 2020
Potential Code Injection in Sprout Forms
Critical
CVE-2020-11056
was published
for
barrelstrength/sprout-base-email
(Composer)
May 8, 2020
Cross-Site Scripting in SVG Sanitizer
Moderate
CVE-2020-11070
was published
for
t3g/svg-sanitizer
(Composer)
May 13, 2020
Information Disclosure in Password Reset
Low
CVE-2020-11063
was published
for
typo3/cms
(Composer)
May 13, 2020
Cross-Site Scripting in TYPO3 CMS Form Engine
Moderate
CVE-2020-11064
was published
for
typo3/cms
(Composer)
May 13, 2020
Cross-Site Scripting in TYPO3 CMS Link Handling
Moderate
CVE-2020-11065
was published
for
typo3/cms
(Composer)
May 13, 2020
Class destructors causing side-effects when being unserialized in TYPO3 CMS
High
CVE-2020-11066
was published
for
typo3/cms
(Composer)
May 13, 2020
ProTip!
Advisories are also available from the
GraphQL API