Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,152 advisories

Loading
October CMS auth bypass and account takeover High
CVE-2021-29487 was published for october/system (Composer) Aug 30, 2021
Account Takeover in Octobercms High
CVE-2021-32648 was published for october/system (Composer) Aug 30, 2021
Unauthenticated SQL Injection in Cachet High
CVE-2021-39165 was published for cachethq/cachet (Composer) Aug 30, 2021
phith0n
Cachet configuration leak High
CVE-2021-39174 was published for cachethq/cachet (Composer) Aug 30, 2021
thomas-chauchefoin-sonarsource
Cachet vulnerable to forced reinstall High
CVE-2021-39173 was published for cachethq/cachet (Composer) Aug 30, 2021
thomas-chauchefoin-sonarsource
Cachet vulnerable to new line injection during configuration edition High
CVE-2021-39172 was published for cachethq/cachet (Composer) Aug 30, 2021
thomas-chauchefoin-sonarsource tdunlap607
Cross-Site Scripting via SVG media files High
CVE-2021-37710 was published for shopware/core (Composer) Aug 23, 2021
Authenticated server-side request forgery in file upload via URL. High
CVE-2021-37711 was published for shopware/core (Composer) Aug 23, 2021
Privilege escalation via form generator High
CVE-2021-37627 was published for contao/contao (Composer) Aug 23, 2021
ausi
Directory Traversal in Archive_Tar High
CVE-2021-32610 was published for pear/archive_tar (Composer) Aug 9, 2021
Improper Input Validation in Centreon Web High
CVE-2019-16405 was published for centreon/centreon (Composer) Jul 28, 2021
Missing Authorization in TeamPass High
CVE-2020-11671 was published for nilsteampassnet/teampass (Composer) Jul 26, 2021
Incorrect Authorization in TeamPass High
CVE-2020-12477 was published for nilsteampassnet/teampass (Composer) Jul 26, 2021
SQL injection in pimcore/pimcore High
CVE-2021-23405 was published for pimcore/pimcore (Composer) Jul 13, 2021
Files or Directories Accessible to External Parties in ether/logs High
CVE-2021-32752 was published for ether/logs (Composer) Jul 12, 2021
Cross-site scripting (XSS) from field and configuration text displayed in the Panel High
CVE-2021-32735 was published for getkirby/cms (Composer) Jul 2, 2021
hdodov tdunlap607
Private files publicly accessible with Cloud Storage providers High
GHSA-vrf2-xghr-j52v was published for shopware/core (Composer) Jun 28, 2021
Cross-Site Request Forgery in forkcms High
CVE-2020-23264 was published for forkcms/forkcms (Composer) Jun 22, 2021
Command Injection in Centreon High
CVE-2020-13252 was published for centreon/centreon (Composer) Jun 22, 2021
PHPMailer untrusted code may be run from an overridden address validator High
CVE-2021-3603 was published for phpmailer/phpmailer (Composer) Jun 22, 2021
0xcrypto
Remote Code Execution vulnerability in PHPMailer 6.4.1 running on Windows High
CVE-2021-34551 was published for phpmailer/phpmailer (Composer) Jun 22, 2021
elFinder unsafe upload filtering leading to remote code execution High
CVE-2021-23394 was published for studio-42/elfinder (Composer) Jun 15, 2021
assaf-benjosef thomas-chauchefoin-sonarsource
SQL Injection in t3/dce High
CVE-2021-31777 was published for t3/dce (Composer) Jun 8, 2021
OS Command Injection in baserCMS High
CVE-2021-20682 was published for baserproject/basercms (Composer) Jun 8, 2021
Improper rate limiting in Koel High
CVE-2021-33563 was published for phanan/koel (Composer) Jun 1, 2021
ProTip! Advisories are also available from the GraphQL API