Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,820
Maven
5,000+
npm
4,444
NuGet
774
pip
4,215
Pub
12
RubyGems
970
Rust
1,089
Swift
47
Unreviewed advisories
All unreviewed
5,000+

1,361 advisories

Loading
File upload restriction bypass in Zenario CMS High
CVE-2022-23043 was published for tribalsystems/zenario (Composer) Feb 25, 2022
Multi-Factor Authentication issue in Laravel Fortify High
CVE-2022-25838 was published for laravel/fortify (Composer) Feb 25, 2022
Insertion of Sensitive Information Into Debugging Code in Microweber High
CVE-2022-0721 was published for microweber/microweber (Composer) Feb 24, 2022
Insecure Storage of Sensitive Information in Microweber High
CVE-2022-0724 was published for microweber/microweber (Composer) Feb 24, 2022
Cross-site Scripting in Microweber High
CVE-2022-0719 was published for microweber/microweber (Composer) Feb 24, 2022
Authenticated remote code execution in October CMS High
CVE-2022-21705 was published for october/system (Composer) Feb 23, 2022
cydave
Credited to cydave
SSRF in Kitodo.Presentation High
CVE-2022-24980 was published for kitodo/presentation (Composer) Feb 20, 2022
Unrestricted Upload of File with Dangerous Type in showdoc High
CVE-2022-0409 was published for showdoc/showdoc (Composer) Feb 20, 2022
Cross-site Scripting in microweber High
CVE-2022-0690 was published for microweber/microweber (Composer) Feb 20, 2022
Generation of Error Message Containing Sensitive Information in microweber High
CVE-2022-0660 was published for microweber/microweber (Composer) Feb 19, 2022
CRLF Injection in microweber High
CVE-2022-0666 was published for microweber/microweber (Composer) Feb 19, 2022
Improper input validation in Drupal core High
CVE-2022-25271 was published for drupal/core (Composer) Feb 18, 2022
Improper Privilege Management in Snipe-IT High
CVE-2022-0611 was published for snipe/snipe-it (Composer) Feb 17, 2022
Improper Access Control in librenms High
CVE-2022-0580 was published for librenms/librenms (Composer) Feb 16, 2022
Improper Authorization in librenms High
CVE-2022-0587 was published for librenms/librenms (Composer) Feb 16, 2022
OS Command Injection in Microweber High
CVE-2022-0557 was published for microweber/microweber (Composer) Feb 12, 2022
Exposure of Resource to Wrong Sphere in Drupal Core High
CVE-2020-13670 was published for drupal/core (Composer) Feb 12, 2022
tdunlap607
Credited to tdunlap607
Drupal core access bypass vulnerability High
CVE-2020-13677 was published for drupal/core (Composer) Feb 12, 2022
Cross Site Request Forgery in concrete5/concrete5 High
CVE-2021-22954 was published for concrete5/concrete5 (Composer) Feb 11, 2022
ThinkPHP Remote Code Execution (RCE) vulnerability High
CVE-2021-44892 was published for topthink/framework (Composer) Feb 11, 2022
Possible SQL injection in tablelookupwizard Contao Extension High
GHSA-v3mr-gp7j-pw5w was published for terminal42/contao-tablelookupwizard (Composer) Feb 10, 2022
Zip slip in Microweber High
CVE-2020-28337 was published for microweber/microweber (Composer) Feb 10, 2022
Code injection in Twig High
CVE-2022-23614 was published for twig/twig (Composer) Feb 10, 2022
CSRF token missing in Symfony High
CVE-2022-23601 was published for symfony/framework-bundle (Composer) Feb 1, 2022
jderusse nexxome
ovrflo
Credited to jderusse, nexxome, and ovrflo
Cross Site Request Forgery in Moodle High
CVE-2022-0335 was published for moodle/moodle (Composer) Jan 28, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database