Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

63 advisories

Loading
Shopware has Improper Input Validation issue in newsletter subscription Moderate
CVE-2023-22734 was published for shopware/core (Composer) Jan 20, 2023
Shopware vulnerable to Improper Input Validation of Clearance sale in cart Moderate
CVE-2023-22730 was published for shopware/core (Composer) Jan 17, 2023
JoshuaBehrens aragon999
ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent Moderate
CVE-2022-36032 was published for react/http (Composer) Sep 16, 2022
lavish
YetiForceCRM is vulnerable to Business Logic Errors in the weight of a product Moderate
CVE-2021-4117 was published for yetiforce/yetiforce-crm (Composer) Dec 16, 2021
Manipulation of product reviews via API Moderate
CVE-2021-37707 was published for shopware/core (Composer) Aug 30, 2021
Crypt_GPG does not prevent additional options in GPG calls Moderate
CVE-2022-24953 was published for pear/crypt_gpg (Composer) Feb 18, 2022
Moodle Improper Input Validation vulnerability Moderate
CVE-2021-36402 was published for moodle/moodle (Composer) Mar 7, 2023
Firefly III vulnerable to improper input validation Moderate
CVE-2023-1789 was published for grumpydictator/firefly-iii (Composer) Apr 1, 2023
phpMyFAQ vulnerable to improper input validation Moderate
CVE-2023-1754 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
Browsershot version 3.57.3 vulnerable to improper input validation Moderate
CVE-2022-43984 was published for spatie/browsershot (Composer) Nov 25, 2022
tdunlap607
XMPP Clients User Impersonation Vulnerability in Movim Moxl Moderate
CVE-2017-5605 was published for movim/moxl (Composer) May 17, 2022
Logic error in dolibarr Moderate
CVE-2022-0174 was published for dolibarr/dolibarr (Composer) Jan 12, 2022
TYPO3 OpenID extension Open redirect vulnerability Moderate
CVE-2013-7079 was published for friendsoftypo3/openid (Composer) May 17, 2022
Drupal Open Redirect Moderate
CVE-2012-1589 was published for drupal/drupal (Composer) May 17, 2022
Typo3 API XSS Vulnerabilities Moderate
CVE-2012-1608 was published for typo3/cms (Composer) May 17, 2022
phpMyAdmin DoS Vulnerability Moderate
CVE-2016-6623 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Pimcore vulnerable to Business Logic Errors via Customer automation rules Moderate
CVE-2023-32075 was published for pimcore/customer-management-framework-bundle (Composer) May 11, 2023
khanhchauminh
omeka/omeka-s Improper Input Validation vulnerability Moderate
CVE-2023-4157 was published for omeka/omeka-s (Composer) Aug 4, 2023
Prevent injection of invalid entity ids for "autocomplete" fields Moderate
CVE-2023-41336 was published for symfony/ux-autocomplete (Composer) Sep 11, 2023
janklan
PrestaShop file deletion via attachment API Moderate
CVE-2023-39529 was published for prestashop/prestashop (Composer) Aug 9, 2023
kto94
PrestaShop file deletion via CustomerMessage Moderate
CVE-2023-39530 was published for prestashop/prestashop (Composer) Aug 9, 2023
kto94
Denial of service caused by infinite recursion when parsing SVG images Moderate
CVE-2023-50262 was published for dompdf/dompdf (Composer) Dec 13, 2023
cod3beat
Moodle Arbitrary File Read via Backup Functionality Moderate
CVE-2012-6099 was published for moodle/moodle (Composer) May 13, 2022
class.upload.php allows cross-site scripting attacks via uploaded files Moderate
CVE-2023-6551 was published for verot/class.upload.php (Composer) Jan 4, 2024
Magento Improper input validation vulnerability Moderate
CVE-2021-28585 was published for magento/community-edition (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API