GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,285
Erlang: 31
GitHub Actions: 21
Go: 2,056
Maven: 5,000+
npm: 3,741
NuGet: 668
pip: 3,422
Pub: 12
RubyGems: 892
Rust: 875
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+
20 advisories

Potential XSS vulnerability in jQuery
Moderate | CVE-2020-11022 was published for jquery (RubyGems) | Apr 29, 2020

XSS in jQuery as used in Drupal, Backdrop CMS, and other products
Moderate | CVE-2019-11358 was published for django (RubyGems) | Apr 26, 2019

Cross-site scripting vulnerability in includes/actions/InfoAction.php
Moderate | CVE-2014-2853 was published for mediawiki/core (Composer) | May 17, 2022

img_auth.php may leak private extension images into the public cache
Moderate | CVE-2020-15005 was published for mediawiki/core (Composer) | May 24, 2022

X-Forwarded-For header allows brute-forcing autoblocked IP addresses
Critical | CVE-2023-29141 was published for mediawiki/core (Composer) | Mar 31, 2023

PEAR::Archive_Tar Directory Traversal vulnerability
Critical | CVE-2006-0931 was published for pear/archive_tar (Composer) | May 1, 2022

MediaWiki Denial of Service vulnerability
High | CVE-2023-45363 was published for mediawiki/core (Composer) | Oct 9, 2023

Drupal has open redirect vulnerability in the Overlay module
High | CVE-2013-6389 was published for drupal/drupal (Composer) | May 17, 2022

phpBB 3.0.7 allows remote attackers to bypass intended access restrictions
High | CVE-2010-1627 was published for phpbb/phpbb (Composer) | May 17, 2022

phpBB vulnerability related to use of "forum id" in circumstances related to a "global announcement."
High | CVE-2010-1630 was published for phpbb/phpbb (Composer) | May 17, 2022

phpBB vulnerable to sensitive information disclosure
High | CVE-2008-6507 was published for phpbb/phpbb (Composer) | May 17, 2022

phpBB's Smiley Pack acp_icons.php main pack vulnerable to cross site scripting
Moderate | CVE-2023-5917 was published for phpbb/phpbb (Composer) | Nov 2, 2023

HTML Purifier allows remote attackers to obtain sensitive information
Moderate | CVE-2011-3744 was published for ezyang/htmlpurifier (Composer) | May 17, 2022

HTML Purifier Cross-site Scripting vulnerability
Moderate | CVE-2007-3498 was published for ezyang/htmlpurifier (Composer) | May 1, 2022

Cross site scripting in ameos_tarteaucitron
Moderate | CVE-2022-33155 was published for ameos/ameos_tarteaucitron (Composer) | Jul 13, 2022

CKEditor4 Cross-site Scripting vulnerability caused by incorrect CDATA detection
Moderate | CVE-2024-24815 was published for ckeditor/ckeditor (Composer) | Feb 7, 2024

Path manipulation in matyhtf/framework
Critical | CVE-2021-43676 was published for matyhtf/framework (Composer) | Dec 4, 2021

Server-Side Request Forgery and Open Redirect in AllTube Download
High | CVE-2022-24739 was published for rudloff/alltube (Composer) | Mar 9, 2022

Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
Moderate | CVE-2023-46734 was published for symfony/symfony (Composer) | Nov 12, 2023

phpBB Server-Side Request Forgery Vulnerability
Moderate | CVE-2020-8226 was published for phpbb/phpbb (Composer) | May 24, 2022

ProTip! Advisories are also available from the GraphQL API.