GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,669
Erlang: 34
GitHub Actions: 26
Go: 2,262
Maven: 5,000+
npm: 3,912
NuGet: 705
pip: 3,681
Pub: 12
RubyGems: 916
Rust: 943
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+

4,670 advisories

Craft CMS Cross site Scripting vulnerability
Moderate | CVE-2022-37248 was published for craftcms/cms (Composer) | Sep 17, 2022

RCE vulnerability in Pimcore/Mail & Dynamic Text Layout
Critical | CVE-2022-39365 was published for pimcore/pimcore (Composer) | Oct 29, 2022

phpMyFAQ vulnerable to stored Cross-site Scripting
Moderate | CVE-2022-3765 was published for thorsten/phpmyfaq (Composer) | Oct 31, 2022

Microweber Cross-site Scripting can result in redirection to a malicious site
Moderate | CVE-2022-3242 was published for microweber/microweber (Composer) | Sep 21, 2022

Craft CMS Stored Cross-site Scripting in User Addresses Title
Moderate | CVE-2022-37250 was published for craftcms/cms (Composer) | Sep 17, 2022

CakePHP might allow remote attackers to bypass CSRF protection mechanism via the _method parameter
High | CVE-2015-8379 was published for cakephp/cakephp (Composer) | May 14, 2022

YetiForce CRM vulnerable to stored Cross-site Scripting via WorkFlow module
Moderate | CVE-2022-3004 was published for yetiforce/yetiforce-crm (Composer) | Sep 21, 2022

phpMyFAQ contains Weak Password Requirements
Critical | CVE-2022-3754 was published for thorsten/phpmyfaq (Composer) | Oct 29, 2022

phpMyFAQ vulnerable to reflected Cross-site Scripting
Moderate | CVE-2022-3766 was published for thorsten/phpmyfaq (Composer) | Oct 31, 2022

YetiForce CRM vulnerable to stored Cross-site Scripting via LayoutEditor module
Moderate | CVE-2022-3000 was published for yetiforce/yetiforce-crm (Composer) | Sep 21, 2022

Moodle Cross-site Scripting vulnerability
Moderate | CVE-2021-36568 was published for moodle/moodle (Composer) | Sep 14, 2022

easyii CMS's File Upload Management vulnerable to unrestricted upload
Critical | CVE-2022-3771 was published for noumo/easyii (Composer) | Oct 31, 2022

Badaso vulnerable to Remote Code Execution via malicious file upload
Critical | CVE-2022-41711 was published for badaso/core (Composer) | Oct 26, 2022

ProcessWire vulnerable to Cross-Site Request Forgery
Moderate | CVE-2022-40488 was published for processwire/processwire (Composer) | Oct 31, 2022

ProcessWire vulnerable to Cross-site Scripting
Moderate | CVE-2022-40487 was published for processwire/processwire (Composer) | Oct 31, 2022

Prototype pollution in Snowboard framework
High | CVE-2022-39357 was published for wintercms/winter (Composer) | Oct 27, 2022

BookStack is vulnerable to Improper Access Control.
Moderate | CVE-2021-4119 was published for ssddanbrown/bookstack (Composer) | Dec 16, 2021

snipe-it is vulnerable to Improper Access Control
Moderate | CVE-2021-4089 was published for snipe/snipe-it (Composer) | Dec 16, 2021

october/system arbitrary code execution
High | CVE-2021-32650 was published for october/system (Composer) | Jan 14, 2022

October/System authenticated file write leads to remote code execution
High | CVE-2021-32649 was published for october/system (Composer) | Jan 14, 2022

kimai2 is vulnerable to Improper Access Control
Moderate | CVE-2021-3992 was published for kevinpapst/kimai2 (Composer) | Dec 3, 2021

YetiForceCRM is vulnerable to Business Logic Errors because product amount can be a negative number
High | CVE-2021-4111 was published for yetiforce/yetiforce-crm (Composer) | Dec 16, 2021

YetiForceCRM is vulnerable to Business Logic Errors in the weight of a product
Moderate | CVE-2021-4117 was published for yetiforce/yetiforce-crm (Composer) | Dec 16, 2021

bookstack is vulnerable to Improper Access Control
Moderate | CVE-2021-4026 was published for ssddanbrown/bookstack (Composer) | Dec 1, 2021

Kirby CMS vulnerable to user enumeration in the code-based login and password reset forms
Moderate | CVE-2022-39314 was published for getkirby/cms (Composer) | Oct 18, 2022

ProTip! Advisories are also available from the GraphQL API.