GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,669
Erlang: 34
GitHub Actions: 26
Go: 2,262
Maven: 5,000+
npm: 3,912
NuGet: 705
pip: 3,681
Pub: 12
RubyGems: 916
Rust: 943
Swift: 38

Unreviewed advisories
All unreviewed: 5,000+
4,670 advisories
concrete5 vulnerable to Cross-site Scripting
Low | CVE-2015-3989 was published for concrete5/concrete5 (Composer) | May 17, 2022

fal_sftp extension for TYPO3 uses weak permissions for sFTP driver files and folders
Moderate | CVE-2014-8327 was published for co-stack/fal_sftp (Composer) | May 17, 2022

yag and pt_extbase extensions for TYPO3 allow remote attackers to bypass access restrictions
High | CVE-2014-6289 was published for dl/yag (Composer) | May 17, 2022

WEC Map (wec_map) extension for TYPO3 allows SQL Injection
High | CVE-2014-6295 was published for jbartels/wec-map (Composer) | May 17, 2022

WEC Map (wec_map) extension for TYPO3 allows Cross-site Scripting
Low | CVE-2014-6296 was published for jbartels/wec-map (Composer) | May 17, 2022

TYPO3 powermail extension allows remote attackers to bypass CAPTCHA protection mechanism
Moderate | CVE-2014-6288 was published for in2code/powermail (Composer) | May 17, 2022

TYPO3 femanager extension allows remote frontend users to modify or delete records of other frontend users
Moderate | CVE-2014-6292 was published for in2code/femanager (Composer) | May 13, 2022

TYPO3 powermail extension has unrestricted file upload vulnerability
High | CVE-2014-3947 was published for in2code/powermail (Composer) | May 17, 2022

GeSHi vulnerable to Cross-site Scripting
Moderate | CVE-2012-3522 was published for geshi/geshi (Composer) | May 17, 2022

GeSHi vulnerable to Directory Traversal
High | CVE-2012-3521 was published for geshi/geshi (Composer) | May 17, 2022

TYPO3 vulnerable to authentication bypass via leveraging knowledge of password hash
Critical | CVE-2014-3945 was published for typo3/cms (Composer) | May 17, 2022

TYPO3 Color Picker Wizard component allows remote authenticated editors to execute arbitrary PHP code
High | CVE-2014-3942 was published for typo3/cms (Composer) | May 14, 2022

TYPO3 vulnerable to remote authenticated arbitrary code execution
High | CVE-2013-4321 was published for typo3/cms (Composer) | May 17, 2022

TYPO3 doesn't properly check file extensions
High | CVE-2013-4250 was published for typo3/cms (Composer) | May 17, 2022

Pimcore Vulnerable to PHP Object Injection Attacks
High | CVE-2014-2921 was published for pimcore/pimcore (Composer) | May 17, 2022

Joomla! Cross-site Scripting vulnerability
Low | CVE-2013-5583 was published for joomla/joomla-cms (Composer) | May 17, 2022

Static Info Tables (static_info_tables) extension TYPO3 vulnerable to Cross-site Scripting
Low | CVE-2013-5323 was published for sjbr/static-info-tables (Composer) | May 17, 2022

CoolURI extension for TYPO3 vulnerable to SQL Injection
High | CVE-2013-5322 was published for bednee/cooluri (Composer) | May 17, 2022

Static Methods since 2007 (div2007) extension for TYPO3 vulnerable to Cross-site Scripting
Low | CVE-2013-5100 was published for jambagecom/div2007 (Composer) | May 17, 2022

YUI Cross-site Scripting (XSS) vulnerability
Moderate | CVE-2013-4942 was published for moodle/moodle (Composer) | May 13, 2022

YUI Cross-site Scripting (XSS) vulnerability
Moderate | CVE-2013-4941 was published for moodle/moodle (Composer) | May 13, 2022

YUI Cross-site Scripting (XSS) vulnerability
Moderate | CVE-2013-4940 was published for moodle/moodle (Composer) | May 13, 2022

News system (news) extension for TYPO3 vulnerable to SQL Injection
High | CVE-2013-4748 was published for georgringer/news (Composer) | May 17, 2022

PHPUnit extension for TYPO3 vulnerable to Cross-site Scripting
Low | CVE-2013-4744 was published for oliverklee/phpunit (Composer) | May 13, 2022

Multishop extension for TYPO3 has SQL Injection vulnerability
High | CVE-2013-4682 was published for bvbmedia/multishop (Composer) | May 17, 2022

ProTip! Advisories are also available from the GraphQL API.