Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,466
Erlang
33
GitHub Actions
23
Go
2,166
Maven
5,000+
npm
3,830
NuGet
696
pip
3,507
Pub
12
RubyGems
909
Rust
904
Swift
38
Unreviewed advisories
All unreviewed
5,000+

228 advisories

Loading
Magento Open Source allows Cross-Site Scripting (XSS) Low
CVE-2023-38219 was published for magento/community-edition (Composer) Oct 13, 2023
Economizzer Insecure Direct Object Reference vulnerability Low
CVE-2023-38872 was published for gugoan/economizzer (Composer) Sep 28, 2023
Froxlor vulnerable to business logic errors Low
CVE-2023-4304 was published for froxlor/froxlor (Composer) Aug 11, 2023
Magento Open Source allows XML Injection Low
CVE-2023-38207 was published for magento/community-edition (Composer) Aug 9, 2023
Silverstripe Framework: Members with no password can be created and bypass custom login forms Low
CVE-2023-32302 was published for silverstripe/framework (Composer) Jul 31, 2023
sabina-talipova bimthebam
maxime-rainville
Information Disclosure due to Out-of-scope Site Resolution Low
CVE-2023-38499 was published for typo3/cms-core (Composer) Jul 25, 2023
fe-hicking ohader
bnf
Winter CMS stored XSS through privileged upload of SVG file Low
CVE-2023-37269 was published for wintercms/winter (Composer) Jul 7, 2023
abhishekmorla
Magento Open Source allows Cross-Site Scripting (XSS) Low
CVE-2023-22249 was published for magento/community-edition (Composer) Jul 6, 2023
Admidio Improper Access Control vulnerability Low
CVE-2023-3303 was published for admidio/admidio (Composer) Jun 23, 2023
Magento Open Source allows Incorrect Authorization Low
CVE-2023-29295 was published for magento/community-edition (Composer) Jun 15, 2023
Magento Open Source allows Incorrect Authorization Low
CVE-2023-29296 was published for magento/community-edition (Composer) Jun 15, 2023
Magento Open Source affected by Improper Input Validation Low
CVE-2023-29293 was published for magento/community-edition (Composer) Jun 15, 2023
Magento Open Source has Business Logic Errors Vulnerability Low
CVE-2023-29294 was published for magento/community-edition (Composer) Jun 15, 2023
CraftCMS stored XSS in Quick Post widget error message Low
CVE-2023-33194 was published for craftcms/cms (Composer) May 26, 2023
WhiteBearVN
Stored cross site scripting in RSS displayer Low
CVE-2023-28820 was published for concrete5/concrete5 (Composer) Apr 28, 2023
Concrete CMS (previously concrete5) is vulnerable to stored XSS in uploaded file and folder names Low
CVE-2023-28819 was published for concrete5/concrete5 (Composer) Apr 28, 2023
MarkLee131
AzuraCast/AzuraCast vulnerable to cross-site scripting Low
CVE-2023-2191 was published for azuracast/azuracast (Composer) Apr 20, 2023
Timing attack in eZ Platform Ibexa Low
CVE-2022-48366 was published for ezsystems/ezplatform-kernel (Composer) Mar 12, 2023
Shopware has Insufficient Session Expiration in Administration Low
CVE-2023-22732 was published for shopware/core (Composer) Jan 20, 2023
Shopware's log module vulnerable to Improper Output Neutralization Low
CVE-2023-22733 was published for shopware/core (Composer) Jan 20, 2023
Any Flarum user including unactivated can reply in public discussions whose first post was permanently deleted Low
CVE-2023-22489 was published for flarum/core (Composer) Jan 10, 2023
clarkwinkelmann
Codeigniter4's Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued Low
CVE-2022-39284 was published for codeigniter4/framework (Composer) Oct 6, 2022
EC-CUBE Directory traversal vulnerability Low
CVE-2022-40199 was published for ec-cube/ec-cube (Composer) Sep 28, 2022
Byobu user preference to prevent private discussions being started are not respected Low
CVE-2022-35921 was published for fof/byobu (Composer) Aug 6, 2022
Cross site scripting in Concrete CMS Low
CVE-2022-30120 was published for concrete5/core (Composer) Jun 25, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database