GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
21,009 advisories

phpMyAdmin SQL Injection
High, CVE-2020-10804 was published for phpmyadmin/phpmyadmin (Composer), May 24, 2022

eZ Publish Kernel and Legacy Unrestricted Upload of File with Dangerous Type
Critical, CVE-2020-10806 was published for ezsystems/ezpublish-kernel (Composer), May 24, 2022

phpMyAdmin SQL injection vulnerability
High, CVE-2020-10802 was published for phpmyadmin/phpmyadmin (Composer), May 24, 2022

phpMyAdmin SQL injection vulnerability
Moderate, CVE-2020-10803 was published for phpmyadmin/phpmyadmin (Composer), May 24, 2022

Deserialization of Untrusted Data in Liferay Portal
Critical, CVE-2020-7961 was published for com.liferay.portal:com.liferay.portal.kernel (Maven), May 24, 2022

phpBB arbitrary CSS injection
High, CVE-2019-16108 was published for phpbb/phpbb (Composer), May 24, 2022

Ignite Realtime Openfire allows Cross-site Scripting
Moderate, CVE-2019-20525 was published for org.igniterealtime.openfire:parent (Maven), May 24, 2022

Ignite Realtime Openfire allows Cross-site Scripting
Moderate, CVE-2019-20526 was published for org.igniterealtime.openfire:parent (Maven), May 24, 2022

Ignite Realtime Openfire allows Cross-site Scripting
Moderate, CVE-2019-20527 was published for org.igniterealtime.openfire:parent (Maven), May 24, 2022

Ignite Realtime Openfire allows Cross-site Scripting
Moderate, CVE-2019-20528 was published for org.igniterealtime.openfire:xmppserver (Maven), May 24, 2022

Moodle open redirect vulnerability
Moderate, CVE-2019-14882 was published for moodle/moodle (Composer), May 24, 2022

Moodle Email media URL tokens were not checking for user status
Moderate, CVE-2019-14883 was published for moodle/moodle (Composer), May 24, 2022

Moodle XSS Vulnerability
Moderate, CVE-2019-14881 was published for moodle/moodle (Composer), May 24, 2022

Moodle reflected Cross-site Scripting (XSS)
Moderate, CVE-2019-14884 was published for moodle/moodle (Composer), May 24, 2022

Golang Facebook Thrift servers vulnerable to denial of service
High, CVE-2019-11939 was published for github.com/facebook/fbthrift (Go), May 24, 2022

Umbraco CMS Authenticated File Upload
High, CVE-2020-9471 was published for UmbracoCMS.Core (NuGet), May 24, 2022

Subrion CMS CSRF Vulnerability
High, CVE-2018-21037 was published for intelliants/subrion (Composer), May 24, 2022

Dolibarr ERP and CRM SQLi
High, CVE-2019-19209 was published for dolibarr/dolibarr (Composer), May 24, 2022

Dolibarr ERP and CRM contain XSS Vulnerability
Moderate, CVE-2019-19210 was published for dolibarr/dolibarr (Composer), May 24, 2022

Dolibarr ERP and CRM contain XSS Vulnerability
Moderate, CVE-2019-19211 was published for dolibarr/dolibarr (Composer), May 24, 2022

Dolibarr Cross-site Scripting via the qty parameter in product/fournisseurs.php
Critical, CVE-2019-19212 was published for dolibarr/dolibarr (Composer), May 24, 2022

Improper Control of Generation of Code in doT
High, CVE-2020-8141 was published for dot (npm), May 24, 2022

OpenStack Manila Unprivileged users can retrieve, use and manipulate share networks
High, CVE-2020-9543 was published for manila (pip), May 24, 2022

ChakraCore RCE Vulnerability
High, CVE-2020-0812 was published for Microsoft.ChakraCore (NuGet), May 24, 2022

ChakraCore RCE Vulnerability
High, CVE-2020-0811 was published for Microsoft.ChakraCore (NuGet), May 24, 2022

ProTip! Advisories are also available from the GraphQL API