GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
65 advisories
Filter by severity
Shopware has Improper Input Validation issue in newsletter subscription
Moderate
CVE-2023-22734
was published
for
shopware/core
(Composer)
Jan 20, 2023
Shopware vulnerable to Improper Input Validation of Clearance sale in cart
Moderate
CVE-2023-22730
was published
for
shopware/core
(Composer)
Jan 17, 2023
ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent
Moderate
CVE-2022-36032
was published
for
react/http
(Composer)
Sep 16, 2022
YetiForceCRM is vulnerable to Business Logic Errors in the weight of a product
Moderate
CVE-2021-4117
was published
for
yetiforce/yetiforce-crm
(Composer)
Dec 16, 2021
Manipulation of product reviews via API
Moderate
CVE-2021-37707
was published
for
shopware/core
(Composer)
Aug 30, 2021
Crypt_GPG does not prevent additional options in GPG calls
Moderate
CVE-2022-24953
was published
for
pear/crypt_gpg
(Composer)
Feb 18, 2022
Moodle Improper Input Validation vulnerability
Moderate
CVE-2021-36402
was published
for
moodle/moodle
(Composer)
Mar 7, 2023
Firefly III vulnerable to improper input validation
Moderate
CVE-2023-1789
was published
for
grumpydictator/firefly-iii
(Composer)
Apr 1, 2023
phpMyFAQ vulnerable to improper input validation
Moderate
CVE-2023-1754
was published
for
thorsten/phpmyfaq
(Composer)
Mar 31, 2023
Browsershot version 3.57.3 vulnerable to improper input validation
Moderate
CVE-2022-43984
was published
for
spatie/browsershot
(Composer)
Nov 25, 2022
XMPP Clients User Impersonation Vulnerability in Movim Moxl
Moderate
CVE-2017-5605
was published
for
movim/moxl
(Composer)
May 17, 2022
Logic error in dolibarr
Moderate
CVE-2022-0174
was published
for
dolibarr/dolibarr
(Composer)
Jan 12, 2022
TYPO3 OpenID extension Open redirect vulnerability
Moderate
CVE-2013-7079
was published
for
friendsoftypo3/openid
(Composer)
May 17, 2022
Typo3 API XSS Vulnerabilities
Moderate
CVE-2012-1608
was published
for
typo3/cms
(Composer)
May 17, 2022
phpMyAdmin DoS Vulnerability
Moderate
CVE-2016-6623
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 17, 2022
Pimcore vulnerable to Business Logic Errors via Customer automation rules
Moderate
CVE-2023-32075
was published
for
pimcore/customer-management-framework-bundle
(Composer)
May 11, 2023
omeka/omeka-s Improper Input Validation vulnerability
Moderate
CVE-2023-4157
was published
for
omeka/omeka-s
(Composer)
Aug 4, 2023
Prevent injection of invalid entity ids for "autocomplete" fields
Moderate
CVE-2023-41336
was published
for
symfony/ux-autocomplete
(Composer)
Sep 11, 2023
PrestaShop file deletion via attachment API
Moderate
CVE-2023-39529
was published
for
prestashop/prestashop
(Composer)
Aug 9, 2023
PrestaShop file deletion via CustomerMessage
Moderate
CVE-2023-39530
was published
for
prestashop/prestashop
(Composer)
Aug 9, 2023
Denial of service caused by infinite recursion when parsing SVG images
Moderate
CVE-2023-50262
was published
for
dompdf/dompdf
(Composer)
Dec 13, 2023
Moodle Arbitrary File Read via Backup Functionality
Moderate
CVE-2012-6099
was published
for
moodle/moodle
(Composer)
May 13, 2022
class.upload.php allows cross-site scripting attacks via uploaded files
Moderate
CVE-2023-6551
was published
for
verot/class.upload.php
(Composer)
Jan 4, 2024
Magento Improper input validation vulnerability
Moderate
CVE-2021-28585
was published
for
magento/community-edition
(Composer)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API