Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,998
Maven
5,000+
npm
3,710
NuGet
661
pip
3,364
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

2,418 advisories

Loading
Cross-Site Scripting in BookStack Moderate
CVE-2020-11055 was published for ssddanbrown/bookstack (Composer) May 7, 2020
Potential XSS vulnerability in jQuery Moderate
CVE-2020-11022 was published for jquery (RubyGems) Apr 29, 2020
masatokinugawa Churro
Rudloff
XSS injection in the Grid component of Sylius Moderate
CVE-2019-12186 was published for sylius/grid (Composer) Apr 15, 2020
Exceptions displayed in non-debug configurations in Symfony Moderate
CVE-2020-5274 was published for symfony/error-handler (Composer) Mar 30, 2020
yceruto jderusse
LukaSikic
Cross-site scripting in PHPMailer Moderate
CVE-2017-11503 was published for phpmailer/phpmailer (Composer) Mar 5, 2020
Local file disclosure in PHPMailer Moderate
CVE-2017-5223 was published for phpmailer/phpmailer (Composer) Mar 5, 2020
Sanitizer bypass in svg-sanitizer Moderate
CVE-2019-10772 was published for enshrined/svg-sanitize (Composer) Feb 27, 2020
Reflected XSS in SilverStripe Moderate
CVE-2019-19325 was published for silverstripe/framework (Composer) Feb 24, 2020
Ability to expose data in Sylius by using an unintended serialisation group Moderate
CVE-2020-5220 was published for sylius/resource-bundle (Composer) Jan 31, 2020
XSS in Dolibarr ERP & CRM Moderate
CVE-2020-7996 was published for dolibarr/dolibarr (Composer) Jan 28, 2020
Incorrect signature verification in SimpleSAMLphp Moderate
CVE-2016-9955 was published for simplesamlphp/simplesamlphp (Composer) Jan 24, 2020
thijskh
Persistent XSS vulnerability in filename of attached file in PrivateBin Moderate
CVE-2020-5223 was published for privatebin/privatebin (Composer) Jan 14, 2020
Insert tag injection in the Contao login module Moderate
CVE-2019-19714 was published for contao/contao (Composer) Dec 17, 2019
Information disclosure in the Contao backend Moderate
CVE-2019-19712 was published for contao/contao (Composer) Dec 17, 2019
Object injection in cookie driver in phpfastcache Moderate
CVE-2019-16774 was published for phpfastcache/phpfastcache (Composer) Dec 12, 2019
Geolim4
User enumeration leak using switch user functionality in Symfony Moderate
CVE-2019-18886 was published for symfony/security-http (Composer) Dec 2, 2019
Data leakage via SQL Injection in Pimcore Moderate
CVE-2019-10763 was published for pimcore/pimcore (Composer) Dec 2, 2019
Lack of access control on upoaded files Moderate
CVE-2019-12245 was published for silverstripe/assets (Composer) Nov 12, 2019
Session fixation in change password form Moderate
CVE-2019-12203 was published for silverstripe/framework (Composer) Nov 12, 2019
SilverStripe Versioned Files module Unpublished files are exposed publicly Moderate
CVE-2019-16409 was published for silverstripe/framework (Composer) Nov 12, 2019
Symfony Cross-site Scripting (XSS) vulnerability Moderate
CVE-2019-10909 was published for drupal/core (Composer) Nov 12, 2019
Composer JavaScript injection possible via html comments Moderate
CVE-2019-8233 was published for magento/community-edition (Composer) Nov 12, 2019
Magento Cross-Site Scripting via Attribute Set Name Moderate
CVE-2019-8145 was published for magento/community-edition (Composer) Nov 12, 2019
Bypass of sitemp access restrictions Moderate
CVE-2019-8133 was published for magento/community-edition (Composer) Nov 12, 2019
Information disclosure through processing of external XML entities Moderate
CVE-2019-8126 was published for magento/community-edition (Composer) Nov 12, 2019
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database