GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
51 advisories
Filter by severity
Drupal has open redirect vulnerability in the Overlay module
High
CVE-2013-6389
was published
for
drupal/drupal
(Composer)
May 17, 2022
Livewire Remote Code Execution on File Uploads
High
CVE-2024-47823
was published
for
livewire/livewire
(Composer)
Oct 8, 2024
Moodle ReCAPTCHA can be bypassed on the login page
High
CVE-2024-34009
was published
for
moodle/moodle
(Composer)
May 31, 2024
Moodle Improper Input Validation
High
CVE-2024-33999
was published
for
moodle/moodle
(Composer)
May 31, 2024
TYPO3 Arbitrary Shell Execution in Swiftmailer library
High
GHSA-45xg-4w5x-j429
was published
for
typo3/cms
(Composer)
May 30, 2024
silverstripe/framework has possible denial of service attack vector when flushing
High
GHSA-cwgq-83w5-8jfq
was published
for
silverstripe/framework
(Composer)
May 28, 2024
SimpleSAMLphp Authentication context bypass in the multiauth module
High
CVE-2017-12869
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 14, 2022
Froxlor arbitrary code execution via the database configuration options
High
CVE-2020-10235
was published
for
froxlor/froxlor
(Composer)
May 24, 2022
SimpleSAMLphp InfoCard module Incorrect signature verification
High
CVE-2017-12874
was published
for
simplesamlphp/simplesamlphp-module-infocard
(Composer)
May 14, 2022
EC-CUBE Improper input validation vulnerability
High
CVE-2020-5680
was published
for
ec-cube/ec-cube
(Composer)
May 24, 2022
CodeIgniter HTTP Header Injection
High
CVE-2017-1000247
was published
for
codeigniter4/framework
(Composer)
May 17, 2022
phpMyAdmin Cookie attribute injection attack
High
CVE-2017-1000016
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 17, 2022
Moodle Portfolio script allows instantiation of class chosen by user
High
CVE-2018-1137
was published
for
moodle/moodle
(Composer)
May 14, 2022
Moodle Arbitrary file read when importing lesson questions
High
CVE-2022-35650
was published
for
moodle/moodle
(Composer)
Jul 26, 2022
Magento Improper input validation vulnerability
High
CVE-2022-42344
was published
for
magento/community-edition
(Composer)
Oct 20, 2022
TYPO3 Image Processing susceptible to Code Execution
High
CVE-2019-11832
was published
for
typo3/cms
(Composer)
May 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor in TYPO3 CMS
High
CVE-2020-15099
was published
for
typo3/cms
(Composer)
Jul 29, 2020
Magento 2 Community Edition RCE Vulnerability
High
CVE-2019-7885
was published
for
magento/community-edition
(Composer)
May 24, 2022
Symfony collectionCascaded and collectionCascadedDeeply fields security bypass
High
CVE-2013-4751
was published
for
symfony/symfony
(Composer)
May 5, 2022
Access to restricted PHP code by dynamic static class access in smarty
High
CVE-2021-21408
was published
for
smarty/smarty
(Composer)
Jan 12, 2022
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS
High
CVE-2020-15098
was published
for
typo3/cms
(Composer)
Jul 29, 2020
Broken Access Control in Form Framework
High
CVE-2021-21357
was published
for
typo3/cms
(Composer)
Mar 23, 2021
Argument injection in a MimeTypeGuesser in Symfony
High
CVE-2019-18888
was published
for
symfony/http-foundation
(Composer)
Dec 2, 2019
Missing input validation can lead to command execution in composer
High
CVE-2022-24828
was published
for
composer/composer
(Composer)
Apr 22, 2022
ProTip!
Advisories are also available from the
GraphQL API