GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,407 advisories
Persistent XSS vulnerability in filename of attached file in PrivateBin
Moderate | CVE-2020-5223 was published for privatebin/privatebin (Composer) | Jan 14, 2020
Insert tag injection in the Contao login module
Moderate | CVE-2019-19714 was published for contao/contao (Composer) | Dec 17, 2019
Information disclosure in the Contao backend
Moderate | CVE-2019-19712 was published for contao/contao (Composer) | Dec 17, 2019
Object injection in cookie driver in phpfastcache
Moderate | CVE-2019-16774 was published for phpfastcache/phpfastcache (Composer) | Dec 12, 2019
User enumeration leak using switch user functionality in Symfony
Moderate | CVE-2019-18886 was published for symfony/security-http (Composer) | Dec 2, 2019
Data leakage via SQL Injection in Pimcore
Moderate | CVE-2019-10763 was published for pimcore/pimcore (Composer) | Dec 2, 2019
Lack of access control on uploaded files
Moderate | CVE-2019-12245 was published for silverstripe/assets (Composer) | Nov 12, 2019
Session fixation in change password form
Moderate | CVE-2019-12203 was published for silverstripe/framework (Composer) | Nov 12, 2019
SilverStripe Versioned Files module Unpublished files are exposed publicly
Moderate | CVE-2019-16409 was published for silverstripe/framework (Composer) | Nov 12, 2019
Symfony Cross-site Scripting (XSS) vulnerability
Moderate | CVE-2019-10909 was published for drupal/core (Composer) | Nov 12, 2019
Composer JavaScript injection possible via html comments
Moderate | CVE-2019-8233 was published for magento/community-edition (Composer) | Nov 12, 2019
Magento Cross-Site Scripting via Attribute Set Name
Moderate | CVE-2019-8145 was published for magento/community-edition (Composer) | Nov 12, 2019
Bypass of sitemap access restrictions
Moderate | CVE-2019-8133 was published for magento/community-edition (Composer) | Nov 12, 2019
Information disclosure through processing of external XML entities
Moderate | CVE-2019-8126 was published for magento/community-edition (Composer) | Nov 12, 2019
Authorization Bypass Through User-Controlled Key in Bagisto
Moderate | CVE-2019-16403 was published for bagisto/bagisto (Composer) | Nov 8, 2019
Cross-site Scripting in Grav
Moderate | CVE-2019-16126 was published for getgrav/grav (Composer) | Nov 8, 2019
Cross-site scripting in Dolibarr
Moderate | CVE-2019-16197 was published for dolibarr/dolibarr (Composer) | Nov 8, 2019
Cross-site Scripting in Bolt
Moderate | CVE-2019-15485 was published for bolt/bolt (Composer) | Nov 8, 2019
Incorrect Access Control vulnerability in api-platform/core
Moderate | CVE-2019-1000011 was published for api-platform/core (Composer) | Oct 14, 2019
Cross-site Scripting in YII2-CMS
Moderate | CVE-2019-16130 was published for yii2mod/yii2-cms (Composer) | Oct 14, 2019
Exposure of Sensitive Information to an Unauthorized Actor in LibreNMS
Moderate | CVE-2019-10667 was published for librenms/librenms (Composer) | Oct 11, 2019
Missing Authentication for Critical Function in LibreNMS
Moderate | CVE-2019-10668 was published for librenms/librenms (Composer) | Oct 11, 2019
Missing Authorization in Drupal
Moderate | CVE-2017-6923 was published for drupal/core (Composer) | Oct 10, 2019
Moderate severity vulnerability that affects league/commonmark
Moderate | CVE-2019-10010 was published for league/commonmark (Composer) | Sep 17, 2019
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
Moderate | CVE-2019-11358 was published for django (RubyGems) | Apr 26, 2019
ProTip! Advisories are also available from the GraphQL API