Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,231
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

4,231 advisories

Loading
XSS vulnerability in company name field in Mautic Moderate
CVE-2018-11200 was published for mautic/core (Composer) Jan 19, 2021
joanbono alanhartless
Inline JS XSS vulnerability in Mautic Moderate
CVE-2017-1000488 was published for mautic/core (Composer) Jan 19, 2021
alanhartless
Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID High
CVE-2018-10189 was published for mautic/core (Composer) Jan 19, 2021
micschk
Disabled users able to log in with third party SSO plugin High
CVE-2017-1000489 was published for mautic/core (Composer) Jan 19, 2021
XSS vulnerability in theme config file in Mautic Moderate
CVE-2018-8071 was published for mautic/core (Composer) Jan 19, 2021
XSS vulnerability in Author URL of themes in Mautic Moderate
CVE-2018-11198 was published for mautic/core (Composer) Jan 19, 2021
joanbono
Mautic users able to download any files from server using filemanager Moderate
CVE-2017-1000490 was published for mautic/core (Composer) Jan 19, 2021
XSS vulnerability leveraged through referrers could allow un-authorized admin access in Mautic Critical
CVE-2020-35124 was published for mautic/core (Composer) Jan 19, 2021
nvn1729
Query Binding Exploitation High
CVE-2021-21263 was published for illuminate/database (Composer) Jan 19, 2021
Kirby .dev domains and some reverse proxy setups were treated as local Moderate
CVE-2020-26253 was published for getkirby/cms (Composer) Jan 14, 2021
Cross-site scripting vulnerability in TinyMCE Moderate
CVE-2024-21911 was published for TinyMCE (Composer) Jan 6, 2021
emilwareus
Authenticated Server Side Request Forgery Low
GHSA-8pfh-mm2g-hmc3 was published for shopware/core (Composer) Dec 21, 2020
Information exposure via query strings in URL Low
GHSA-cq6h-w3mc-57f4 was published for shopware/core (Composer) Dec 21, 2020
Authenticated Privilege Escalation Low
GHSA-5q58-x5h2-v5rx was published for shopware/core (Composer) Dec 21, 2020
Cross-Site Scripting in Fluid view helpers Moderate
CVE-2020-26227 was published for typo3/cms (Composer) Dec 21, 2020
ohader
Cross-Site Scripting in Grav Moderate
GHSA-cvmr-6428-87w9 was published for getgrav/grav (Composer) Dec 10, 2020
ShrubberyRubbery
Kirby Panel users could upload PHP Phar archives as content files before v2.5.14 and v3.4.5 Moderate
CVE-2020-26255 was published for getkirby/cms (Composer) Dec 8, 2020
XML External Entity in Dashboard Widget Low
CVE-2020-26229 was published for typo3/cms (Composer) Nov 23, 2020
Cleartext storage of session identifier High
CVE-2020-26228 was published for typo3/cms (Composer) Nov 23, 2020
liayn bmack
ohader
Bypass of fix for CVE-2020-15247, Twig sandbox escape Low
CVE-2020-26231 was published for october/cms (Composer) Nov 23, 2020
ka1n4t
Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled. Moderate
CVE-2020-15247 was published for october/cms (Composer) Nov 23, 2020
ka1n4t
Local File Inclusion by unauthenticated users High
CVE-2020-15246 was published for october/cms (Composer) Nov 23, 2020
ka1n4t
Stored XSS by authenticated backend user with access to upload files Low
CVE-2020-15249 was published for october/backend (Composer) Nov 23, 2020
Privilege escalation by backend users assigned to the default "Publisher" system role Low
CVE-2020-15248 was published for october/backend (Composer) Nov 23, 2020
Cross-Site Scripting through Fluid view helper arguments High
CVE-2020-26216 was published for typo3fluid/fluid (Composer) Nov 18, 2020
NamelessCoder jonaseberle
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database