GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
390 advisories
Filter by severity
URL Rewrite vulnerability in multiple zendframework components
High
GHSA-f6p5-76fp-m248
was published
for
zendframework/zend-diactoros
(Composer)
Apr 28, 2022
Link injection in SimpleSAMLphp
Low
GHSA-2r3v-q9x3-7g46
was published
for
simplesamlphp/simplesamlphp
(Composer)
Jan 24, 2020
Log injection in SimpleSAMLphp
Low
CVE-2020-5225
was published
for
simplesamlphp/simplesamlphp
(Composer)
Jan 24, 2020
Persistent XSS vulnerability in filename of attached file in PrivateBin
Moderate
CVE-2020-5223
was published
for
privatebin/privatebin
(Composer)
Jan 14, 2020
Cross-site Scripting in October
Low
CVE-2020-4061
was published
for
october/backend
(Composer)
Jul 2, 2020
Exploitable inventory component chaining in PocketMine-MP
High
GHSA-8jq6-w5cg-wm45
was published
for
pocketmine/pocketmine-mp
(Composer)
Nov 11, 2020
Reflected XSS with parameters in PostComment
Moderate
CVE-2020-26225
was published
for
prestashop/productcomments
(Composer)
Nov 16, 2020
Steam Socialite Provider v1 does not correctly validate openid server
Critical
GHSA-hhw9-35p2-q2c5
was published
for
socialiteproviders/steam
(Composer)
Jan 29, 2021
NaN/INF in serverbound movement packets can crash clients and servers
High
GHSA-fm35-jgg3-3grx
was published
for
pocketmine/pocketmine-mp
(Composer)
Mar 18, 2022
TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
Moderate
GHSA-gqqf-g5r7-84vf
was published
for
typo3/cms-core
(Composer)
Sep 15, 2022
Insufficient Session Expiration in Pterodactyl API
Moderate
GHSA-7v3x-h7r2-34jv
was published
for
pterodactyl/panel
(Composer)
Jan 21, 2022
Buffer length underflow in LoginPacket causing unchecked exceptions to be thrown
High
GHSA-5jfw-35xp-5m42
was published
for
pocketmine/bedrock-protocol
(Composer)
Apr 5, 2022
Denial-of-service vulnerability processing large chat messages containing many newlines
Moderate
GHSA-gj94-v4p9-w672
was published
for
pocketmine/pocketmine-mp
(Composer)
May 25, 2022
XML-RPC for PHP's `Wrapper::buildClientWrapperCode` method allows code injection via malicious `$client` argument
Moderate
GHSA-7vcx-v65q-9wpg
was published
for
phpxmlrpc/phpxmlrpc
(Composer)
Jan 11, 2023
XML-RPC for PHP allows access to local files via malicious argument to the Client::send method
Moderate
GHSA-m95x-m25c-w9mp
was published
for
phpxmlrpc/phpxmlrpc
(Composer)
Jan 11, 2023
Cross-site scripting from content entered in the tags and multiselect fields
High
GHSA-rv3r-vqjj-8c76
was published
for
getkirby/cms
(Composer)
Aug 30, 2022
symfont/process typosquatting malware spoofs symfony/process
High
GHSA-g3j5-mpp2-2fqm
was published
for
symfont/process
(Composer)
Jan 26, 2023
Unrestricted Upload of File with Dangerous Type in Microweber
Moderate
CVE-2022-0921
was published
for
microweber/microweber
(Composer)
Mar 12, 2022
Cross-site Scripting in showdoc/showdoc
Critical
CVE-2022-0960
was published
for
showdoc/showdoc
(Composer)
Mar 15, 2022
Unrestricted XML files leading to cross-site scripting in Microweber
Moderate
CVE-2022-0963
was published
for
microweber/microweber
(Composer)
Mar 16, 2022
Cross-site Scripting in Zenario CMS
Moderate
CVE-2021-41952
was published
for
tribalsystems/zenario
(Composer)
Mar 15, 2022
Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification
High
CVE-2021-41129
was published
for
pterodactyl/panel
(Composer)
Oct 4, 2021
Reflected XSS when importing CSV in OctoberCMS
Moderate
CVE-2020-5298
was published
for
october/backend
(Composer)
Jun 3, 2020
Cross-site Scripting in teampass
Moderate
CVE-2022-26980
was published
for
nilsteampassnet/teampass
(Composer)
Mar 29, 2022
Unrestricted Upload of File with Dangerous Type in WPanel 4
High
CVE-2021-34257
was published
for
wpanel/wpanel4-cms
(Composer)
Apr 1, 2022
ProTip!
Advisories are also available from the
GraphQL API