Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

201 advisories

Loading
SilverStripe Priviledge escalation through cache pollution Low
CVE-2019-12617 was published for silverstripe/framework (Composer) Nov 12, 2019
Internal exception message exposure for login action in Sylius Low
CVE-2019-16768 was published for sylius/sylius (Composer) Dec 5, 2019
Log injection in SimpleSAMLphp Low
CVE-2020-5225 was published for simplesamlphp/simplesamlphp (Composer) Jan 24, 2020
Cross-site scripting in SimpleSAMLphp Low
CVE-2020-5226 was published for simplesamlphp/simplesamlphp (Composer) Jan 24, 2020
Link injection in SimpleSAMLphp Low
GHSA-2r3v-q9x3-7g46 was published for simplesamlphp/simplesamlphp (Composer) Jan 24, 2020
hyp3rlinx
Ability to switch channels via GET parameter enabled in production environments Low
CVE-2020-5218 was published for sylius/sylius (Composer) Jan 31, 2020
SMTP Injection in PHPMailer Low
CVE-2015-8476 was published for phpmailer/phpmailer (Composer) Mar 5, 2020
Prevent cache poisoning via a Response Content-Type header in Symfony Low
CVE-2020-5255 was published for symfony/http-foundation (Composer) Mar 30, 2020
xavierlacot yceruto
Tobion
Information disclosure of source code in SimpleSAMLphp Low
CVE-2020-5301 was published for simplesamlphp/simplesamlphp (Composer) Apr 22, 2020
slawn
Information Disclosure in Password Reset Low
CVE-2020-11063 was published for typo3/cms (Composer) May 13, 2020
NeoBlack
Upload whitelisted files to any directory in OctoberCMS Low
CVE-2020-5297 was published for october/cms (Composer) Jun 3, 2020
staz0t
Cross-site Scripting in October Low
CVE-2020-4061 was published for october/backend (Composer) Jul 2, 2020
tomaszstrojny
Stored XSS in October Low
CVE-2020-11083 was published for october/backend (Composer) Aug 5, 2020
staz0t
Cross Site Scripting in baserCMS Low
CVE-2020-15154 was published for baserproject/basercms (Composer) Aug 28, 2020
Aquilao
Cross Site Scripting(XSS) Vulnerability in Latest Release 4.3.6 Site basic settings Low
CVE-2020-15155 was published for baserproject/basercms (Composer) Aug 28, 2020
Aquilao
Cross Site Scripting and RCE in baserCMS Low
CVE-2020-15159 was published for baserproject/basercms (Composer) Aug 28, 2020
stypr
personnummer/php vulnerable to Improper Input Validation Low
GHSA-2p6g-gjp8-ggg9 was published for personnummer/personnummer (Composer) Sep 9, 2020
RCE in Third Party Library in Shopware Low
GHSA-qvc5-cfrr-384v was published for shopware/core (Composer) Sep 23, 2020
patpilus
Non-persistent XSS in the Storefront in Shopware Low
GHSA-qvhr-55hg-3qwv was published for shopware/core (Composer) Sep 23, 2020
z1tr0t3c
Denial of Service via Cache Flooding Low
GHSA-p68v-frgx-4rjp was published for shopware/core (Composer) Oct 19, 2020
Blog comment posting, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0 Low
CVE-2020-15276 was published for baserproject/basercms (Composer) Oct 30, 2020
Edit feed settings and others, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0 Low
CVE-2020-15273 was published for baserproject/basercms (Composer) Nov 4, 2020
Aquilao
Persistent XSS in customer module in Shopware Low
GHSA-6gv9-7q4g-pmvm was published for shopware/shopware (Composer) Nov 13, 2020
Persistent XSS in shopping worlds Low
GHSA-28fw-88hq-6jmm was published for shopware/shopware (Composer) Nov 13, 2020
Persistent XSS in newsletter module in Shopware Low
GHSA-hrfh-fp4x-crrq was published for shopware/shopware (Composer) Nov 13, 2020
ProTip! Advisories are also available from the GraphQL API