GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,706 advisories

Kirby CMS 2.5.12 Cross-site Request Forgery Moderate
CVE-2018-14519 was published for getkirby/cms (Composer) Aug 25, 2022
Froxlor vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2022-3017 was published for froxlor/froxlor (Composer) Aug 29, 2022
baserproject/basercms vulnerable to cross-site scripting (XSS) vulnerability Moderate
CVE-2022-39325 was published for baserproject/basercms (Composer) Nov 28, 2022
TYPO3 CMS vulnerable to User Enumeration via Response Timing Moderate
CVE-2022-36105 was published for typo3/cms (Composer) Sep 16, 2022
Vautia
TYPO3 CMS vulnerable to Denial of Service in Page Error Handling Moderate
CVE-2022-36104 was published for typo3/cms (Composer) Sep 16, 2022
rikwillems
Shopware access control list bypassed via crafted specific URLs Moderate
CVE-2022-36102 was published for shopware/shopware (Composer) Sep 16, 2022
Kirby CMS 2.5.12 Cross-site Scripting Moderate
CVE-2018-14520 was published for getkirby/cms (Composer) Aug 25, 2022
exceedone/exment and exceedone/laravel-admin Cross-site Scripting vulnerability Moderate
CVE-2022-38080 was published for exceedone/exment (Composer) Aug 25, 2022
Pagekit CMS cross-site scripting in Markdown text box where articles are edited Moderate
CVE-2022-36573 was published for pagekit/pagekit (Composer) Aug 29, 2022
bookstack is vulnerable to Improper Access Control Moderate
CVE-2021-4194 was published for ssddanbrown/bookstack (Composer) Jan 8, 2022
Subrion CMS Cross-site Scripting (XSS) vulnerability in the `contact us` plugin Moderate
CVE-2021-41948 was published for intelliants/subrion (Composer) Apr 30, 2022
attritionorg
TYPO3 CMS missing check for expiration time of password reset token for backend users Moderate
CVE-2022-36106 was published for typo3/cms (Composer) Sep 16, 2022
infabo
TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection Moderate
CVE-2022-36020 was published for typo3/cms (Composer) Sep 16, 2022
leeN
TYPO3 CMS Stored Cross-Site Scripting via FileDumpController Moderate
CVE-2022-36107 was published for typo3/cms (Composer) Sep 16, 2022
Vautia
TYPO3 CMS vulnerable to Cross-Site Scripting in <f:asset.css> view helper Moderate
CVE-2022-36108 was published for typo3/cms (Composer) Sep 16, 2022
NeoBlack
Shopware contains sensitive data in backend customer module Moderate
CVE-2022-36101 was published for shopware/shopware (Composer) Sep 16, 2022
Cross-site Scripting in FacturaScripts Moderate
CVE-2022-2016 was published for facturascripts/facturascripts (Composer) Jun 10, 2022
Cross site scripting in librenms Moderate
CVE-2022-29711 was published for librenms/librenms (Composer) Jun 3, 2022
Cross-site Scripting in Dolibarr Moderate
CVE-2022-30875 was published for dolibarr/dolibarr (Composer) Jun 9, 2022
Cross-site Scripting in RosarioSIS Moderate
CVE-2022-1997 was published for francoisjacquet/rosariosis (Composer) Jun 9, 2022
Cross-site Scripting in SEOmatic plugin Moderate
CVE-2021-41750 was published for nystudio107/craft-seomatic (Composer) Jun 13, 2022
Roots Soil plugin vulnerable to Cross-site Scripting Moderate
CVE-2022-4524 was published for roots/soil (Composer) Dec 15, 2022
Microweber vulnerable to Stored Cross-Site Scripting Moderate
CVE-2022-4647 was published for microweber/microweber (Composer) Dec 22, 2022
Cross site scripting in francoisjacquet/rosariosis Moderate
CVE-2022-2036 was published for francoisjacquet/rosariosis (Composer) Jun 10, 2022
Microweber vulnerable to Reflected Cross-site Scripting Moderate
CVE-2022-4617 was published for microweber/microweber (Composer) Dec 21, 2022