GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,168
Erlang
30
GitHub Actions
19
Go
1,981
Maven
5,000+
npm
3,700
NuGet
656
pip
3,319
Pub
11
RubyGems
882
Rust
832
Swift
35
Unreviewed advisories
All unreviewed
5,000+
2,395 advisories
Filter by severity
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14041
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-14042
was published
for
bootstrap
(RubyGems)
Sep 13, 2018
Ckeditor XSS Vulnerability
Moderate
CVE-2018-17960
was published
for
ckeditor
(Composer)
Nov 21, 2018
Bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2016-10735
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
XSS vulnerability that affects bootstrap
Moderate
CVE-2018-20676
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
bootstrap Cross-site Scripting vulnerability
Moderate
CVE-2018-20677
was published
for
bootstrap
(RubyGems)
Jan 17, 2019
Bootstrap Vulnerable to Cross-Site Scripting
Moderate
CVE-2019-8331
was published
for
Bootstrap.Less
(RubyGems)
Feb 22, 2019
Moderate severity vulnerability that affects league/commonmark
Moderate
CVE-2019-10010
was published
for
league/commonmark
(Composer)
Sep 17, 2019
Missing Authorization in Drupal
Moderate
CVE-2017-6923
was published
for
drupal/core
(Composer)
Oct 10, 2019
Missing Authentication for Critical Function in LibreNMS
Moderate
CVE-2019-10668
was published
for
librenms/librenms
(Composer)
Oct 11, 2019
Exposure of Sensitive Information to an Unauthorized Actor in LibreNMS
Moderate
CVE-2019-10667
was published
for
librenms/librenms
(Composer)
Oct 11, 2019
Cross-site Scripting in YII2-CMS
Moderate
CVE-2019-16130
was published
for
yii2mod/yii2-cms
(Composer)
Oct 14, 2019
Incorrect Access Control vulnerability in api-platform/core
Moderate
CVE-2019-1000011
was published
for
api-platform/core
(Composer)
Oct 14, 2019
Cross-site Scripting in Bolt
Moderate
CVE-2019-15485
was published
for
bolt/bolt
(Composer)
Nov 8, 2019
Cross-site scripting in Dolibarr
Moderate
CVE-2019-16197
was published
for
dolibarr/dolibarr
(Composer)
Nov 8, 2019
Cross-site Scripting in Grav
Moderate
CVE-2019-16126
was published
for
getgrav/grav
(Composer)
Nov 8, 2019
Authorization Bypass Through User-Controlled Key in Bagisto
Moderate
CVE-2019-16403
was published
for
bagisto/bagisto
(Composer)
Nov 8, 2019
Information disclosure through processing of external XML entities
Moderate
CVE-2019-8126
was published
for
magento/community-edition
(Composer)
Nov 12, 2019
Bypass of sitemp access restrictions
Moderate
CVE-2019-8133
was published
for
magento/community-edition
(Composer)
Nov 12, 2019
Magento Cross-Site Scripting via Attribute Set Name
Moderate
CVE-2019-8145
was published
for
magento/community-edition
(Composer)
Nov 12, 2019
Composer JavaScript injection possible via html comments
Moderate
CVE-2019-8233
was published
for
magento/community-edition
(Composer)
Nov 12, 2019
Symfony Cross-site Scripting (XSS) vulnerability
Moderate
CVE-2019-10909
was published
for
drupal/core
(Composer)
Nov 12, 2019
SilverStripe Versioned Files module Unpublished files are exposed publicly
Moderate
CVE-2019-16409
was published
for
silverstripe/framework
(Composer)
Nov 12, 2019
Session fixation in change password form
Moderate
CVE-2019-12203
was published
for
silverstripe/framework
(Composer)
Nov 12, 2019
Lack of access control on upoaded files
Moderate
CVE-2019-12245
was published
for
silverstripe/assets
(Composer)
Nov 12, 2019
ProTip!
Advisories are also available from the
GraphQL API