Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,454
Erlang
33
GitHub Actions
22
Go
2,150
Maven
5,000+
npm
3,815
NuGet
690
pip
3,490
Pub
12
RubyGems
902
Rust
900
Swift
38
Unreviewed advisories
All unreviewed
5,000+

21,517 advisories

Loading
Magento Reflected Cross-site Scripting vulnerability via 'file' parameter Moderate
CVE-2021-21029 was published for magento/community-edition (Composer) May 24, 2022
Magento Insecure Direct Object Reference (IDOR) in the product module Moderate
CVE-2021-21022 was published for magento/community-edition (Composer) May 24, 2022
Magento Insufficient Session Expiration Moderate
CVE-2021-21032 was published for magento/community-edition (Composer) May 24, 2022
Magento stored cross-site scripting vulnerability in the admin console Moderate
CVE-2021-21023 was published for magento/community-edition (Composer) May 24, 2022
Magento improper authorization vulnerability in the integrations module Moderate
CVE-2021-21026 was published for magento/community-edition (Composer) May 24, 2022
Magento stored cross-site scripting (XSS) in the customer address upload feature High
CVE-2021-21030 was published for magento/community-edition (Composer) May 24, 2022
Magento cross-site request forgery (CSRF) vulnerability via the GraphQL API Moderate
CVE-2021-21027 was published for magento/community-edition (Composer) May 24, 2022
Magento Blind SQL Injection in the Search module Critical
CVE-2021-21024 was published for magento/community-edition (Composer) May 24, 2022
Magento XML injection in the Widgets module Critical
CVE-2021-21019 was published for magento/community-edition (Composer) May 24, 2022
Magento Improper Access Control Moderate
CVE-2021-21020 was published for magento/community-edition (Composer) May 24, 2022
Magento XPath Injection Critical
CVE-2021-21025 was published for magento/community-edition (Composer) May 24, 2022
Magento vulnerable to a file upload restriction bypass Critical
CVE-2021-21014 was published for magento/community-edition (Composer) May 24, 2022
Magento OS Command Injection Critical
CVE-2021-21018 was published for magento/community-edition (Composer) May 24, 2022
Magento OS command injection via the customer attribute save controller High
CVE-2021-21015 was published for magento/community-edition (Composer) May 24, 2022
Magento OS command injection via the WebAPI Critical
CVE-2021-21016 was published for magento/community-edition (Composer) May 24, 2022
insert_slice_clone can double drop if Clone panics. Moderate
CVE-2021-26954 was published for qwutils (Rust) May 24, 2022
Insertion of Sensitive Information into Log File in Elasticsearch Moderate
CVE-2020-7021 was published for org.elasticsearch:elasticsearch (Maven) May 24, 2022
Incorrect Default Permissions in JetBrains Kotlin Moderate
CVE-2020-29582 was published for org.jetbrains.kotlin:kotlin-stdlib (Maven) May 24, 2022
Moodle Vulnerable to Reflected Cross-site Scripting Moderate
CVE-2021-20183 was published for moodle/moodle (Composer) May 24, 2022
Moodle Arbitrary PHP code execution by site admins via Shibboleth configuration High
CVE-2021-20187 was published for moodle/moodle (Composer) May 24, 2022
Moodle Grade information disclosure in grade's external fetch functions Moderate
CVE-2021-20184 was published for moodle/moodle (Composer) May 24, 2022
Moodle Cross-site Scripting Moderate
CVE-2021-20186 was published for moodle/moodle (Composer) May 24, 2022
Moodle Client side denial of service via personal message Moderate
CVE-2021-20185 was published for moodle/moodle (Composer) May 24, 2022
Codiad Vulnerable to PHP Magic Hash Vulnerability High
CVE-2020-23355 was published for codiad/codiad (Composer) May 24, 2022
Zen Cart vulnerable to authenticated remote code execution High
CVE-2021-3291 was published for zencart/zencart (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database