GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

45 advisories

TYPO3 Vulnerable to Insecure Deserialization High
CVE-2019-12747 was published for typo3/cms (Composer) May 24, 2022
Credited to ohader
TYPO3 Image Processing susceptible to Code Execution High
CVE-2019-11832 was published for typo3/cms (Composer) May 24, 2022
Credited to ohader
Cross-site Scripting in enshrined/svg-sanitize Moderate
CVE-2022-23638 was published for enshrined/svg-sanitize (Composer) Feb 14, 2022
Credited to zcorpan and ohader
Cross-Site-Request-Forgery in Backend High
CVE-2021-41113 was published for typo3/cms (Composer) Oct 5, 2021
Credited to sushiwushi and ohader
Cross-Site Scripting via Rich-Text Content Moderate
CVE-2021-32768 was published for typo3/cms (Composer) Aug 19, 2021
Credited to sushiwushi, ohader, and einpraegsam
Cross-Site Scripting in Bootstrap Package Moderate
CVE-2021-21365 was published for bk2k/bootstrap-package (Composer) Apr 29, 2021
Credited to ohader
Unrestricted File Upload in Form Framework High
CVE-2021-21355 was published for typo3/cms (Composer) Mar 23, 2021
Credited to smichaelsen, ohader, marclindemann, vertexvaar, sushiwushi, and waldhacker1
Cleartext storage of session identifier Moderate
CVE-2021-21339 was published for typo3/cms (Composer) Mar 23, 2021
Credited to ohader
Cross-Site Scripting in Fluid view helpers Moderate
CVE-2020-26227 was published for typo3/cms (Composer) Dec 21, 2020
Credited to ohader
Cleartext storage of session identifier High
CVE-2020-26228 was published for typo3/cms (Composer) Nov 23, 2020
Credited to liayn, bmack, and ohader
Cross-site Scripting vulnerability in Kitodo.Presentation Moderate
CVE-2020-16095 was published for kitodo/presentation (Composer) Jul 31, 2020
Credited to ohader
Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS High
CVE-2020-15099 was published for typo3/cms (Composer) Jul 29, 2020
Credited to ohader
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS High
CVE-2020-15098 was published for typo3/cms (Composer) Jul 29, 2020
Credited to ohader
Potential Remote Code Execution in TYPO3 with mediace extension Critical
CVE-2020-15086 was published for friendsoftypo3/mediace (Composer) Jul 29, 2020
Credited to ohader
Backend Same-Site Request Forgery in TYPO3 CMS High
CVE-2020-11069 was published for typo3/cms (Composer) May 13, 2020
Credited to ohader
Insecure Deserialization in Backend User Settings in TYPO3 CMS High
CVE-2020-11067 was published for typo3/cms (Composer) May 13, 2020
Credited to ohader
Class destructors causing side-effects when being unserialized in TYPO3 CMS High
CVE-2020-11066 was published for typo3/cms (Composer) May 13, 2020
Credited to ohader
Cross-Site Scripting in TYPO3 CMS Link Handling Moderate
CVE-2020-11065 was published for typo3/cms (Composer) May 13, 2020
Credited to josefglatz and ohader
Information Disclosure in Password Reset Low
CVE-2020-11063 was published for typo3/cms (Composer) May 13, 2020
Credited to NeoBlack and ohader
XSS in enshrined/svg-sanitize due to mishandled script and data values in attributes High
CVE-2019-18857 was published for enshrined/svg-sanitize (Composer) Jan 8, 2020
Credited to ohader