GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
2,436 advisories
Filter by severity
Cross-Site Request Forgery in MAGMI
Moderate
CVE-2020-5776
was published
for
dweeves/magmi
(Composer)
May 6, 2021
Cross-site Scripting in OpenCart
Moderate
CVE-2020-10596
was published
for
opencart/opencart
(Composer)
May 6, 2021
"Cross-site scripting in ThinkAdmin"
Moderate
CVE-2020-29315
was published
for
zoujingli/thinkadmin
(Composer)
May 6, 2021
Cross-site scripting in phpoffice/phpspreadsheet
Moderate
CVE-2020-7776
was published
for
phpoffice/phpspreadsheet
(Composer)
May 6, 2021
OS Command injection in Bolt
Moderate
CVE-2020-28925
was published
for
bolt/bolt
(Composer)
May 6, 2021
Bypass of fix for CVE-2020-26231, Twig sandbox escape
Moderate
CVE-2021-21264
was published
for
october/cms
(Composer)
May 4, 2021
Cross-Site Scripting in Bootstrap Package
Moderate
CVE-2021-21365
was published
for
bk2k/bootstrap-package
(Composer)
Apr 29, 2021
Exposure of .env if project root is configured as web root in shopware/production
Moderate
GHSA-3pcr-4982-548m
was published
for
shopware/production
(Composer)
Apr 13, 2021
Potential XSS injection in the newsletter conditions field
Moderate
CVE-2021-21418
was published
for
prestashop/ps_emailsubscription
(Composer)
Apr 6, 2021
Mautic vulnerable to secret data exfiltration via symfony parameters
Moderate
CVE-2021-27908
was published
for
mautic/core
(Composer)
Apr 6, 2021
Moodle allowed some users without permission to view other users' full names
Moderate
CVE-2021-20281
was published
for
moodle/moodle
(Composer)
Mar 29, 2021
Cross site-scripting (XSS) moodle
Moderate
CVE-2020-25628
was published
for
moodle/moodle
(Composer)
Mar 29, 2021
Cross-site Scripting (XSS) in moodle
Moderate
CVE-2020-25702
was published
for
moodle/moodle
(Composer)
Mar 29, 2021
Privilage Escalation in moodle
Moderate
CVE-2020-25701
was published
for
moodle/moodle
(Composer)
Mar 29, 2021
SQL Injection in moodle
Moderate
CVE-2020-25700
was published
for
moodle/moodle
(Composer)
Mar 29, 2021
Cross-site scripting (XSS) and Server side request forgery (SSRF) in moodle
Moderate
CVE-2021-20280
was published
for
moodle/moodle
(Composer)
Mar 29, 2021
Stored cross-site scripting in PressBooks
Moderate
CVE-2021-3271
was published
for
pressbooks/pressbooks
(Composer)
Mar 29, 2021
Path Traversal within joomla/archive zip class
Moderate
CVE-2021-26028
was published
for
joomla/archive
(Composer)
Mar 24, 2021
XSS in CreateQueuedJobTask
Moderate
CVE-2021-27938
was published
for
symbiote/silverstripe-queuedjobs
(Composer)
Mar 24, 2021
Cross-Site Scripting in Content Preview (CType menu)
Moderate
CVE-2021-21370
was published
for
typo3/cms
(Composer)
Mar 23, 2021
Denial of Service in Page Error Handling
Moderate
CVE-2021-21359
was published
for
typo3/cms
(Composer)
Mar 23, 2021
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in typo3/cms-form
Moderate
CVE-2021-21358
was published
for
typo3/cms
(Composer)
Mar 23, 2021
Cross-Site Scripting in Content Preview
Moderate
CVE-2021-21340
was published
for
typo3/cms
(Composer)
Mar 23, 2021
Cleartext storage of session identifier
Moderate
CVE-2021-21339
was published
for
typo3/cms
(Composer)
Mar 23, 2021
Open Redirection in Login Handling
Moderate
CVE-2021-21338
was published
for
typo3/cms
(Composer)
Mar 23, 2021
ProTip!
Advisories are also available from the
GraphQL API