GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,683
Erlang: 29
GitHub Actions: 16
Go: 1,708
Maven: 4,944
npm: 3,473
NuGet: 603
pip: 2,995
Pub: 10
RubyGems: 826
Rust: 773
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
18,873 advisories
Showdoc Forced Browsing (Moderate): CVE-2018-19609 was published for showdoc/showdoc (Composer) on May 14, 2022
Showdoc CSRF Vulnerability (Moderate): CVE-2018-19621 was published for showdoc/showdoc (Composer) on May 14, 2022
XSS in PHP-Proxy-App through v3.0 (Moderate): CVE-2018-19785 was published for athlon1600/php-proxy-app (Composer) on May 14, 2022
Asset Pipeline plugin for Grails vulnerable to Path Traversal (High): CVE-2018-17605 was published for org.grails.plugins:asset-pipeline (Maven) on May 14, 2022
Umbraco CMS vulnerable to stored XSS (Moderate): CVE-2018-17256 was published for umbraco (NuGet) on May 14, 2022
Flarum Core Leaks PII (Moderate): CVE-2018-19133 was published for flarum/framework (Composer) on May 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor in SonarSource SonarQube API (Moderate): CVE-2018-19413 was published for org.sonarsource.sonarqube:sonar-plugin-api (Maven) on May 14, 2022
RDF4J vulnerable to zip slip (High): CVE-2018-20227 was published for org.eclipse.rdf4j:rdf4j (Maven) on May 14, 2022
Bolt Cross-site Scripting (XSS) via text input click preview button (Moderate): CVE-2018-19933 was published for bolt/bolt (Composer) on May 14, 2022
Dolibarr stored cross-site scripting (XSS) vulnerability (Moderate): CVE-2018-19995 was published for dolibarr/dolibarr (Composer) on May 14, 2022
CSRF in PHP Server Monitor before 3.3.2 (Moderate): CVE-2018-18921 was published for phpservermon/phpservermon (Composer) on May 14, 2022
Dolibarr stored cross-site scripting (XSS) vulnerability (Moderate): CVE-2018-19992 was published for dolibarr/dolibarr (Composer) on May 14, 2022
Dolibarr reflected cross-site scripting (XSS) vulnerability (Moderate): CVE-2018-19993 was published for dolibarr/dolibarr (Composer) on May 14, 2022
Grafana XSS Vulnerability (Moderate): CVE-2018-1000816 was published for github.com/grafana/grafana (Go) on May 14, 2022
Improper Input Validation in Apache Karaf (Moderate): CVE-2014-0219 was published for org.apache.karaf:apache-karaf (Maven) on May 14, 2022
Dolibarr error-based SQL injection vulnerability in product/card.php (High): CVE-2018-19994 was published for dolibarr/dolibarr (Composer) on May 14, 2022
Dolibarr SQL injection vulnerability in user/card.php (High): CVE-2018-19998 was published for dolibarr/dolibarr (Composer) on May 14, 2022
Denial of service in ASP.NET Core (High): CVE-2019-0564 was published for Microsoft.AspNetCore.All (NuGet) on May 14, 2022
Exposure of Sensitive Information in System.Net.Http (High): CVE-2019-0545 was published for Microsoft.NETCore.App (NuGet) on May 14, 2022
Dolibarr ERP and CRM contain XSS Vulnerability (Moderate): CVE-2018-19799 was published for dolibarr/dolibarr (Composer) on May 14, 2022
Microweber XSS Vulnerability (Moderate): CVE-2018-1000826 was published for microweber/microweber (Composer) on May 14, 2022
PHP League CommonMark vulnerable to Cross-Site Scripting (XSS) (Moderate): CVE-2018-20583 was published for league/commonmark (Composer) on May 14, 2022
Stored XSS vulnerability in Config File Provider Plugin (Moderate): CVE-2018-1000413 was published for org.jenkins-ci.plugins:config-file-provider (Maven) on May 14, 2022
XML External Entity Reference in weixin-java-tools (Critical): CVE-2019-5312 was published for com.github.binarywang:weixin-java-common (Maven) on May 14, 2022
Shopware SQL Injection (High): CVE-2018-20713 was published for shopware/shopware (Composer) on May 14, 2022
ProTip! Advisories are also available from the GraphQL API.