Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,464
Erlang
33
GitHub Actions
22
Go
2,164
Maven
5,000+
npm
3,821
NuGet
696
pip
3,503
Pub
12
RubyGems
909
Rust
904
Swift
38
Unreviewed advisories
All unreviewed
5,000+

4,465 advisories

Loading
Denial of Service in Page Error Handling Moderate
CVE-2021-21359 was published for typo3/cms (Composer) Mar 23, 2021
derhansen
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in typo3/cms-form Moderate
CVE-2021-21358 was published for typo3/cms (Composer) Mar 23, 2021
andreaskienast sushiwushi
Broken Access Control in Form Framework High
CVE-2021-21357 was published for typo3/cms (Composer) Mar 23, 2021
sushiwushi waldhacker1
Unrestricted File Upload in Form Framework High
CVE-2021-21355 was published for typo3/cms (Composer) Mar 23, 2021
smichaelsen ohader
marclindemann vertexvaar sushiwushi waldhacker1
Cross-Site Scripting in Content Preview Moderate
CVE-2021-21340 was published for typo3/cms (Composer) Mar 23, 2021
sushiwushi andreaskienast
Cleartext storage of session identifier Moderate
CVE-2021-21339 was published for typo3/cms (Composer) Mar 23, 2021
ohader
Open Redirection in Login Handling Moderate
CVE-2021-21338 was published for typo3/cms (Composer) Mar 23, 2021
einpraegsam derhansen
Cross-site scripting in eZ Platform Kernel High
GHSA-mrvj-7q4f-5p42 was published for ezsystems/ezplatform-kernel (Composer) Mar 19, 2021
Authenticated remote code execution Moderate
GHSA-pjj4-jjgc-h3r8 was published for shopware/platform (Composer) Mar 12, 2021
Potential Session Hijacking Low
GHSA-h9q8-5gv2-v6mg was published for shopware/platform (Composer) Mar 12, 2021
Cross-site scripting (XSS) Moderate
CVE-2020-17551 was published for impresscms/impresscms (Composer) Mar 12, 2021
Cross-site scripting (XSS) Moderate
CVE-2021-28088 was published for impresscms/impresscms (Composer) Mar 12, 2021
/user/sessions endpoint allows detecting valid accounts High
GHSA-gmrf-99gw-vvwj was published for ezsystems/ezpublish-kernel (Composer) Mar 11, 2021
/user/sessions endpoint allows detecting valid accounts High
GHSA-7vwg-39h8-8qp8 was published for ezsystems/ezplatform-rest (Composer) Mar 11, 2021
Potential Host Header Poisoning on misconfigured servers Low
CVE-2021-21265 was published for october/backend (Composer) Mar 10, 2021
Sandbox escape through template_object in smarty High
CVE-2021-26119 was published for smarty/smarty (Composer) Mar 2, 2021
stevenseeley
PHP Code Injection by malicious function name in smarty Critical
CVE-2021-26120 was published for smarty/smarty (Composer) Feb 26, 2021
stevenseeley
Path traversal in pimcore/pimcore High
CVE-2021-23340 was published for pimcore/pimcore (Composer) Feb 25, 2021
Path traversal in bolt/core High
CVE-2021-27367 was published for bolt/core (Composer) Feb 18, 2021
vrana/adminer vulnerable to SSRF by connecting to privileged ports Moderate
CVE-2018-7667 was published for vrana/adminer (Composer) Feb 11, 2021
SecGus
XSS in Adminer Moderate
GHSA-m56g-3g8v-2rxw was published for vrana/adminer (Composer) Feb 11, 2021 withdrawn
emilwareus
SSRF in adminer High
CVE-2021-21311 was published for vrana/adminer (Composer) Feb 11, 2021
bpsizemore UNC1739
vrana/adminer via XSS in the history parameter in SQL command Moderate
CVE-2020-35572 was published for vrana/adminer (Composer) Feb 11, 2021
October CMS Session ID not invalidated after logout Critical
CVE-2021-3311 was published for october/rain (Composer) Feb 10, 2021
Leak of information via Store-API Critical
GHSA-f2vv-h5x4-57gr was published for shopware/platform (Composer) Feb 10, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database