Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,196
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,483
Pub
12
RubyGems
992
Rust
1,186
Swift
51
Unreviewed advisories
All unreviewed
5,000+

33 advisories

Loading
Bootstrap Cross-site Scripting vulnerability Moderate
CVE-2018-14042 was published for bootstrap (RubyGems) Sep 13, 2018
tdunlap607 Credited to tdunlap607 and 1Jesper1 1Jesper1 1Jesper1
XSS vulnerability that affects bootstrap Moderate
CVE-2018-20676 was published for bootstrap (RubyGems) Jan 17, 2019
tdunlap607 Credited to tdunlap607
bootstrap Cross-site Scripting vulnerability Moderate
CVE-2018-20677 was published for bootstrap (RubyGems) Jan 17, 2019
tdunlap607 Credited to tdunlap607
Remote Code Execution in SyliusResourceBundle Critical
CVE-2020-15146 was published for sylius/resource-bundle (Composer) Aug 19, 2020
isometriks Credited to isometriks and tdunlap607 tdunlap607 tdunlap607
Remote Code Execution in SyliusResourceBundle High
CVE-2020-15143 was published for sylius/resource-bundle (Composer) Aug 19, 2020
isometriks Credited to isometriks and tdunlap607 tdunlap607 tdunlap607
Cross-site scripting (XSS) from field and configuration text displayed in the Panel High
CVE-2021-32735 was published for getkirby/cms (Composer) Jul 2, 2021
yandodov Credited to yandodov and tdunlap607 tdunlap607 tdunlap607
Information Disclosure in User Authentication Moderate
CVE-2021-32767 was published for typo3/cms (Composer) Jul 26, 2021
tdunlap607 Credited to tdunlap607
Cachet vulnerable to new line injection during configuration edition High
CVE-2021-39172 was published for cachethq/cachet (Composer) Aug 30, 2021
thomas-chauchefoin-sonarsource Credited to thomas-chauchefoin-sonarsource and tdunlap607 tdunlap607 tdunlap607
Stored XSS vulnerability on Bounce Management Callback High
CVE-2021-27910 was published for mautic/core (Composer) Sep 1, 2021
tdunlap607 Credited to tdunlap607
XSS vulnerability on password reset page Moderate
CVE-2021-27909 was published for mautic/core (Composer) Sep 1, 2021
mohit-rocks Credited to mohit-rocks, ZhenwarX, and tdunlap607 ZhenwarX ZhenwarX
tdunlap607 tdunlap607
Use of a Broken or Risky Cryptographic Algorithm Low
CVE-2021-27913 was published for mautic/core (Composer) Sep 1, 2021
michaellrowley Credited to michaellrowley, mohit-rocks, and tdunlap607 mohit-rocks mohit-rocks
tdunlap607 tdunlap607
Unrestricted Uploads in Concrete5 High
CVE-2020-11476 was published for concrete5/concrete5 (Composer) Nov 3, 2021
tdunlap607 Credited to tdunlap607
XSS in richtext custom tag attributes in ezsystems/ezplatform-richtext Moderate
GHSA-fxwm-rx68-p5vx was published for ezsystems/ezplatform-richtext (Composer) Dec 1, 2021
tdunlap607 Credited to tdunlap607
Incorrect Authorization in Drupal core Moderate
CVE-2020-13676 was published for drupal/core (Composer) Feb 12, 2022
tdunlap607 Credited to tdunlap607
Exposure of Resource to Wrong Sphere in Drupal Core High
CVE-2020-13670 was published for drupal/core (Composer) Feb 12, 2022
tdunlap607 Credited to tdunlap607
Cross-site Scripting in Drupal Core Moderate
CVE-2020-13668 was published for drupal/core (Composer) Feb 12, 2022
tdunlap607 Credited to tdunlap607
Cross-Site Request Forgery in Drupal core Moderate
CVE-2020-13674 was published for drupal/core (Composer) Feb 12, 2022
tdunlap607 Credited to tdunlap607
Shopware user session is not logged out if the password is reset via password recovery Low
CVE-2022-24744 was published for shopware/core (Composer) Mar 10, 2022
tdunlap607 Credited to tdunlap607
Cross site scripting in safe-svg Moderate
CVE-2022-1091 was published for darylldoyle/safe-svg (Composer) Apr 19, 2022
tdunlap607 Credited to tdunlap607
Object state limitation has no effect Critical
GHSA-5x4f-7xgq-r42x was published for ezsystems/ezpublish-kernel (Composer) Apr 29, 2022
tdunlap607 Credited to tdunlap607
Bootstrap vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2018-14040 was published for bootstrap (RubyGems) May 13, 2022
jhutchings1 Credited to jhutchings1, stof, Churro, tdunlap607, and jenhae stof stof
Churro Churro tdunlap607 tdunlap607 jenhae jenhae
CakePHP allows remote attackers to spoof their IP High
CVE-2016-4793 was published for cakephp/cakephp (Composer) May 14, 2022
ravage84 Credited to ravage84 and tdunlap607 tdunlap607 tdunlap607
Login timing attack in ezsystems/ezpublish-kernel Critical
GHSA-xfqg-p48g-hh94 was published for ezsystems/ezpublish-kernel (Composer) Jun 2, 2022
tdunlap607 Credited to tdunlap607
LibreNMS vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2022-36745 was published for librenms/librenms (Composer) Aug 31, 2022
tdunlap607 Credited to tdunlap607
Concrete CMS vulnerable to Improper Authentication Moderate
CVE-2022-43690 was published for concrete5/concrete5 (Composer) Nov 15, 2022
tdunlap607 Credited to tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database