Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,343
Erlang
31
GitHub Actions
22
Go
2,107
Maven
5,000+
npm
3,764
NuGet
679
pip
3,452
Pub
12
RubyGems
892
Rust
886
Swift
37
Unreviewed advisories
All unreviewed
5,000+

21,198 advisories

Loading
Magento security mitigation bypass vulnerability Moderate
CVE-2020-9692 was published for magento/community-edition (Composer) May 24, 2022
Magento DOM-based Cross-site scripting vulnerability Critical
CVE-2020-9691 was published for magento/community-edition (Composer) May 24, 2022
Magento path traversal vulnerability Moderate
CVE-2020-9689 was published for magento/community-edition (Composer) May 24, 2022
ingress-nginx component for Kubernetes allows file overwrite Moderate
CVE-2020-8553 was published for k8s.io/ingress-nginx (Go) May 24, 2022
Grin insufficient data validation High
CVE-2020-15899 was published for grin (Rust) May 24, 2022
Shopware database password is leaked to an unauthenticated users High
CVE-2020-13997 was published for shopware/core (Composer) May 24, 2022
mitelg
Shopware vulnerable to Cross-site Scripting Moderate
CVE-2020-13971 was published for shopware/platform (Composer) May 24, 2022
Shopware vulnerable to SSRF High
CVE-2020-13970 was published for shopware/platform (Composer) May 24, 2022
Grafana stored XSS Moderate
CVE-2020-11110 was published for github.com/grafana/grafana (Go) May 24, 2022
Wildfly EJB Client causes DoS Moderate
CVE-2020-14297 was published for org.jboss:jboss-ejb-client (Maven) May 24, 2022
bsdiff4 out-of-bounds write via patch file High
CVE-2020-15904 was published for bsdiff4 (pip) May 24, 2022
MunkiReport Software Update module is vulnerable to SQL injection High
CVE-2020-15887 was published for munkireport/softwareupdate (Composer) May 24, 2022
MunkiReport Cross-Site Scripting (XSS) Filter Bypass On Comment Moderate
CVE-2020-15885 was published for munkireport/comment (Composer) May 24, 2022
MarkLee131
MunkiReport Managed Installs module Reflected Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2020-15883 was published for munkireport/managedinstalls (Composer) May 24, 2022
MarkLee131
MunkiReport munki_facts module Cross-Site Scripting (XSS) vulnerability Moderate
CVE-2020-15881 was published for munkireport/munki_facts (Composer) May 24, 2022
MunkiReport reportdata module SQL injection vulnerability High
CVE-2020-15886 was published for munkireport/reportdata (Composer) May 24, 2022
DevSpace vulnerable to remote code execution Critical
CVE-2020-15391 was published for github.com/loft-sh/devspace (Go) May 24, 2022
Magento php object injection vulnerability Critical
CVE-2020-9664 was published for magento/core (Composer) May 24, 2022
Magento stored cross-site scripting vulnerability Moderate
CVE-2020-9665 was published for magento/core (Composer) May 24, 2022
LibreNMS SQL Injection vulnerability Moderate
CVE-2020-15873 was published for librenms/librenms (Composer) May 24, 2022
Microweber Discloses Sensitive Information High
CVE-2020-13405 was published for microweber/microweber (Composer) May 24, 2022
Silverstripe CMS XSS Vulnerability Moderate
CVE-2020-9311 was published for silverstripe/cms (Composer) May 24, 2022
Silverstripe CMS malicious file upload enables script execution High
CVE-2020-9309 was published for silverstripe/cms (Composer) May 24, 2022
Silverstripe has Incorrect Default Permissions Moderate
CVE-2020-6165 was published for silverstripe/graphql (Composer) May 24, 2022
Silverstripe CMS information disclosure High
CVE-2020-6164 was published for silverstripe/cms (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database