Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

33 advisories

Loading
php-mod/curl allows Cross-site Scripting Moderate
CVE-2021-30134 was published for php-mod/curl (Composer) Dec 26, 2022
tdunlap607
Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter) Critical
CVE-2022-47408 was published for fixpunkt/fp-newsletter (Composer) Dec 14, 2022
ohader tdunlap607
Zenario CMS is vulnerable to Remote Code Execution (RCE). Critical
CVE-2022-44136 was published for tribalsystems/zenario (Composer) Nov 30, 2022
tdunlap607
code injection in phpxmlrpc/phpxmlrpc High
GHSA-3fgr-xjr6-xqm8 was published for phpxmlrpc/phpxmlrpc (Composer) Nov 28, 2022
tdunlap607
Browsershot version 3.57.3 vulnerable to improper input validation Moderate
CVE-2022-43984 was published for spatie/browsershot (Composer) Nov 25, 2022
tdunlap607
Browsershot does not validate URL protocols passed to Browsershot URL method High
CVE-2022-41706 was published for spatie/browsershot (Composer) Nov 25, 2022
tdunlap607
Concrete CMS vulnerable to Reflected Cross-site Scripting Moderate
CVE-2022-43692 was published for concrete5/concrete5 (Composer) Nov 15, 2022
tdunlap607
Concrete CMS vulnerable to Cross-site Scripting Moderate
CVE-2022-43688 was published for concrete5/concrete5 (Composer) Nov 15, 2022
tdunlap607
Concrete CMS vulnerable to Improper Authentication Moderate
CVE-2022-43690 was published for concrete5/concrete5 (Composer) Nov 15, 2022
tdunlap607
LibreNMS vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2022-36745 was published for librenms/librenms (Composer) Aug 31, 2022
tdunlap607
Login timing attack in ezsystems/ezpublish-kernel Critical
GHSA-xfqg-p48g-hh94 was published for ezsystems/ezpublish-kernel (Composer) Jun 2, 2022
tdunlap607
CakePHP allows remote attackers to spoof their IP High
CVE-2016-4793 was published for cakephp/cakephp (Composer) May 14, 2022
ravage84 tdunlap607
Bootstrap vulnerable to Cross-Site Scripting (XSS) Moderate
CVE-2018-14040 was published for bootstrap (RubyGems) May 13, 2022
jhutchings1 stof
Churro tdunlap607 jenhae
Object state limitation has no effect Critical
GHSA-5x4f-7xgq-r42x was published for ezsystems/ezpublish-kernel (Composer) Apr 29, 2022
tdunlap607
Cross site scripting in safe-svg Moderate
CVE-2022-1091 was published for darylldoyle/safe-svg (Composer) Apr 19, 2022
tdunlap607
Shopware user session is not logged out if the password is reset via password recovery Low
CVE-2022-24744 was published for shopware/core (Composer) Mar 10, 2022
tdunlap607
Cross-Site Request Forgery in Drupal core Moderate
CVE-2020-13674 was published for drupal/core (Composer) Feb 12, 2022
tdunlap607
Exposure of Resource to Wrong Sphere in Drupal Core High
CVE-2020-13670 was published for drupal/core (Composer) Feb 12, 2022
tdunlap607
Cross-site Scripting in Drupal Core Moderate
CVE-2020-13668 was published for drupal/core (Composer) Feb 12, 2022
tdunlap607
Incorrect Authorization in Drupal core Moderate
CVE-2020-13676 was published for drupal/core (Composer) Feb 12, 2022
tdunlap607
XSS in richtext custom tag attributes in ezsystems/ezplatform-richtext Moderate
GHSA-fxwm-rx68-p5vx was published for ezsystems/ezplatform-richtext (Composer) Dec 1, 2021
tdunlap607
Unrestricted Uploads in Concrete5 High
CVE-2020-11476 was published for concrete5/concrete5 (Composer) Nov 3, 2021
tdunlap607
Use of a Broken or Risky Cryptographic Algorithm Low
CVE-2021-27913 was published for mautic/core (Composer) Sep 1, 2021
michaellrowley mohit-rocks
tdunlap607
XSS vulnerability on password reset page Moderate
CVE-2021-27909 was published for mautic/core (Composer) Sep 1, 2021
mohit-rocks ZhenwarX
tdunlap607
Stored XSS vulnerability on Bounce Management Callback High
CVE-2021-27910 was published for mautic/core (Composer) Sep 1, 2021
tdunlap607
ProTip! Advisories are also available from the GraphQL API