GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,731 advisories

yetiforcecrm is vulnerable to Cross-site Scripting Moderate
CVE-2021-4107 was published for yetiforce/yetiforce-crm (Composer) Dec 16, 2021
Dolibarr Cross Site Scripting (XSS) vulnerability Moderate
CVE-2021-42220 was published for dolibarr/dolibarr (Composer) Dec 16, 2021
Cross-Site Request Forgery in kimai2 Moderate
CVE-2021-4033 was published for kevinpapst/kimai2 (Composer) Dec 10, 2021
Cross site scripting in remdex/livehelperchat Moderate
CVE-2021-4050 was published for remdex/livehelperchat (Composer) Dec 10, 2021
Cross Site Request Forgery in firefly-iii Moderate
CVE-2021-4005 was published for grumpydictator/firefly-iii (Composer) Dec 10, 2021
Laravel Framework XSS in Blade templating engine Moderate
CVE-2021-43808 was published for illuminate/view (Composer) Dec 8, 2021
chinpei215
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-4015 was published for grumpydictator/firefly-iii (Composer) Dec 6, 2021
Cross-site Scripting in LibreNMS Moderate
CVE-2021-44279 was published for librenms/librenms (Composer) Dec 3, 2021
Cross-site Scripting in LibreNMS Moderate
CVE-2021-44277 was published for librenms/librenms (Composer) Dec 3, 2021
elgg is vulnerable to Authorization Bypass Through User-Controlled Key Moderate
CVE-2021-3964 was published for elgg/elgg (Composer) Dec 3, 2021
Cross-site Scripting in kimai2 Moderate
CVE-2021-3983 was published for kevinpapst/kimai2 (Composer) Dec 3, 2021
kimai2 is vulnerable to Improper Access Control Moderate
CVE-2021-3992 was published for kevinpapst/kimai2 (Composer) Dec 3, 2021
showdoc is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-3993 was published for showdoc/showdoc (Composer) Dec 3, 2021
showdoc is vulnerable to URL Redirection to Untrusted Site Moderate
CVE-2021-3989 was published for showdoc/showdoc (Composer) Dec 3, 2021
snipe-it is vulnerable to Cross-site Scripting Moderate
CVE-2021-4018 was published for snipe/snipe-it (Composer) Dec 3, 2021
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) Moderate
CVE-2021-3990 was published for showdoc/showdoc (Composer) Dec 3, 2021
XSS in richtext custom tag attributes in ezsystems/ezplatform-richtext Moderate
GHSA-9jp8-cwwx-p64q was published for ezsystems/ezplatform-admin-ui (Composer) Dec 1, 2021
XSS in richtext custom tag attributes in ezsystems/ezplatform-richtext Moderate
GHSA-fxwm-rx68-p5vx was published for ezsystems/ezplatform-richtext (Composer) Dec 1, 2021
tdunlap607
bookstack is vulnerable to Improper Access Control Moderate
CVE-2021-4026 was published for ssddanbrown/bookstack (Composer) Dec 1, 2021
EC-CUBE Improper access control in Management screen Moderate
CVE-2021-20841 was published for ec-cube/ec-cube (Composer) Nov 25, 2021
CSV Injection in symfony/serializer Moderate
CVE-2021-41270 was published for symfony/serializer (Composer) Nov 24, 2021
jakeBarwell jderusse
Cookie persistence after password changes in symfony/security-bundle Moderate
CVE-2021-41268 was published for symfony/security-bundle (Composer) Nov 24, 2021
thibaut-decherit wouterj
Webcache Poisoning in symfony/http-kernel Moderate
CVE-2021-41267 was published for symfony/http-kernel (Composer) Nov 24, 2021
jderusse shyim
Server-Side Request Forgery in Concrete CMS Moderate
CVE-2021-22970 was published for concrete5/core (Composer) Nov 23, 2021
Server-Side Request Forgery in Concrete CMS Moderate
CVE-2021-22969 was published for concrete5/core (Composer) Nov 23, 2021