Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,342
Erlang
31
GitHub Actions
22
Go
2,106
Maven
5,000+
npm
3,764
NuGet
679
pip
3,451
Pub
12
RubyGems
892
Rust
886
Swift
37
Unreviewed advisories
All unreviewed
5,000+

4,343 advisories

Loading
Persistent XSS in customer module in Shopware Low
GHSA-6gv9-7q4g-pmvm was published for shopware/shopware (Composer) Nov 13, 2020
Edit feed settings and others, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0 Low
CVE-2020-15273 was published for baserproject/basercms (Composer) Nov 4, 2020
Aquilao
Exploitable inventory component chaining in PocketMine-MP High
GHSA-8jq6-w5cg-wm45 was published for pocketmine/pocketmine-mp (Composer) Nov 11, 2020
Muqsit CortexPE
Cross Site Scripting(XSS) Vulnerability in Latest Release 4.3.6 Site basic settings Low
CVE-2020-15155 was published for baserproject/basercms (Composer) Aug 28, 2020
Aquilao
RCE in Third Party Library in Shopware Low
GHSA-qvc5-cfrr-384v was published for shopware/core (Composer) Sep 23, 2020
patpilus
Unexpected database bindings High
GHSA-x7p5-p2c9-phvg was published for illuminate/database (Composer) Feb 2, 2021
XSS vulnerability when listing users on add & modify server pages. Moderate
GHSA-5822-pw57-vv37 was published for pterodactyl/panel (Composer) Oct 8, 2020
sergejostir
Persistent XSS in newsletter module in Shopware Low
GHSA-hrfh-fp4x-crrq was published for shopware/shopware (Composer) Nov 13, 2020
/user/sessions endpoint allows detecting valid accounts High
GHSA-7vwg-39h8-8qp8 was published for ezsystems/ezplatform-rest (Composer) Mar 11, 2021
Authenticated remote code execution Moderate
GHSA-pjj4-jjgc-h3r8 was published for shopware/platform (Composer) Mar 12, 2021
Cross-site scripting in eZ Platform Kernel High
GHSA-mrvj-7q4f-5p42 was published for ezsystems/ezplatform-kernel (Composer) Mar 19, 2021
Non-persistent XSS in the Storefront in Shopware Low
GHSA-qvhr-55hg-3qwv was published for shopware/core (Composer) Sep 23, 2020
z1tr0t3c
Exposure of .env if project root is configured as web root in shopware/production Moderate
GHSA-3pcr-4982-548m was published for shopware/production (Composer) Apr 13, 2021
Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0 High
CVE-2020-15277 was published for baserproject/basercms (Composer) Oct 30, 2020
Aquilao
Reflected XSS with parameters in PostComment Moderate
CVE-2020-26225 was published for prestashop/productcomments (Composer) Nov 16, 2020
my3ker
Persistent XSS in shopping worlds Low
GHSA-28fw-88hq-6jmm was published for shopware/shopware (Composer) Nov 13, 2020
Authenticated Privilege Escalation Low
GHSA-5q58-x5h2-v5rx was published for shopware/core (Composer) Dec 21, 2020
Information exposure via query strings in URL Low
GHSA-cq6h-w3mc-57f4 was published for shopware/core (Composer) Dec 21, 2020
Cross-Site Scripting in Grav Moderate
GHSA-cvmr-6428-87w9 was published for getgrav/grav (Composer) Dec 10, 2020
ShrubberyRubbery
Authenticated Server Side Request Forgery Low
GHSA-8pfh-mm2g-hmc3 was published for shopware/core (Composer) Dec 21, 2020
Bypass of fix for CVE-2020-15247, Twig sandbox escape Low
CVE-2020-26231 was published for october/cms (Composer) Nov 23, 2020
ka1n4t
Users can edit the tags of any discussion Moderate
GHSA-32wx-4gxx-h48f was published for flarum/tags (Composer) Jan 29, 2021
LianSheng197 SychO9
Steam Socialite Provider v1 does not correctly validate openid server Critical
GHSA-hhw9-35p2-q2c5 was published for socialiteproviders/steam (Composer) Jan 29, 2021
MadMikeyB
XSS vulnerability in company name field in Mautic Moderate
CVE-2018-11200 was published for mautic/core (Composer) Jan 19, 2021
joanbono alanhartless
Potential Session Hijacking Low
GHSA-h9q8-5gv2-v6mg was published for shopware/platform (Composer) Mar 12, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database