GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

18,873 advisories

Showdoc Forced Browsing Moderate
CVE-2018-19609 was published for showdoc/showdoc (Composer) May 14, 2022
Showdoc CSRF Vulnerability Moderate
CVE-2018-19621 was published for showdoc/showdoc (Composer) May 14, 2022
XSS in PHP-Proxy-App through v3.0 Moderate
CVE-2018-19785 was published for athlon1600/php-proxy-app (Composer) May 14, 2022
Asset Pipeline plugin for Grails vulnerable to Path Traversal High
CVE-2018-17605 was published for org.grails.plugins:asset-pipeline (Maven) May 14, 2022
Umbraco CMS vulnerable to stored XSS Moderate
CVE-2018-17256 was published for umbraco (NuGet) May 14, 2022
Flarum Core Leaks PII Moderate
CVE-2018-19133 was published for flarum/framework (Composer) May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in SonarSource SonarQube API Moderate
CVE-2018-19413 was published for org.sonarsource.sonarqube:sonar-plugin-api (Maven) May 14, 2022
MarkLee131
RDF4J vulnerable to zip slip High
CVE-2018-20227 was published for org.eclipse.rdf4j:rdf4j (Maven) May 14, 2022
MarkLee131
Bolt Cross-site Scripting (XSS) via text input click preview button Moderate
CVE-2018-19933 was published for bolt/bolt (Composer) May 14, 2022
Dolibarr stored cross-site scripting (XSS) vulnerability Moderate
CVE-2018-19995 was published for dolibarr/dolibarr (Composer) May 14, 2022
CSRF in PHP Server Monitor before 3.3.2 Moderate
CVE-2018-18921 was published for phpservermon/phpservermon (Composer) May 14, 2022
Dolibarr stored cross-site scripting (XSS) vulnerability Moderate
CVE-2018-19992 was published for dolibarr/dolibarr (Composer) May 14, 2022
Dolibarr reflected cross-site scripting (XSS) vulnerability Moderate
CVE-2018-19993 was published for dolibarr/dolibarr (Composer) May 14, 2022
Grafana XSS Vulnerability Moderate
CVE-2018-1000816 was published for github.com/grafana/grafana (Go) May 14, 2022
Improper Input Validation in Apache Karaf Moderate
CVE-2014-0219 was published for org.apache.karaf:apache-karaf (Maven) May 14, 2022
Dolibarr error-based SQL injection vulnerability in product/card.php High
CVE-2018-19994 was published for dolibarr/dolibarr (Composer) May 14, 2022
Dolibarr SQL injection vulnerability in user/card.php High
CVE-2018-19998 was published for dolibarr/dolibarr (Composer) May 14, 2022
Denial of service in ASP.NET Core High
CVE-2019-0564 was published for Microsoft.AspNetCore.All (NuGet) May 14, 2022
Exposure of Sensitive Information in System.Net.Http High
CVE-2019-0545 was published for Microsoft.NETCore.App (NuGet) May 14, 2022
Dolibarr ERP and CRM contain XSS Vulnerability Moderate
CVE-2018-19799 was published for dolibarr/dolibarr (Composer) May 14, 2022
Microweber XSS Vulnerability Moderate
CVE-2018-1000826 was published for microweber/microweber (Composer) May 14, 2022
PHP League CommonMark vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2018-20583 was published for league/commonmark (Composer) May 14, 2022
jhutchings1
Stored XSS vulnerability in Config File Provider Plugin Moderate
CVE-2018-1000413 was published for org.jenkins-ci.plugins:config-file-provider (Maven) May 14, 2022
XML External Entity Reference in weixin-java-tools Critical
CVE-2019-5312 was published for com.github.binarywang:weixin-java-common (Maven) May 14, 2022
q5438722
Shopware SQL Injection High
CVE-2018-20713 was published for shopware/shopware (Composer) May 14, 2022