GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
46 advisories
Filter by severity
Unexpected database bindings
High
GHSA-x7p5-p2c9-phvg
was published
for
illuminate/database
(Composer)
Feb 2, 2021
Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0
High
CVE-2020-15277
was published
for
baserproject/basercms
(Composer)
Oct 30, 2020
CSV injection in Craft CMS
High
GHSA-xrpj-f9v6-2332
was published
for
craftcms/cms
(Composer)
Oct 4, 2021
•
withdrawn
Command injection in czproject/git-php
High
CVE-2022-25866
was published
for
czproject/git-php
(Composer)
Apr 26, 2022
Known vulnerable to account takeover via host header injection attack in v1.3.1
High
CVE-2022-33011
was published
for
idno/known
(Composer)
Jul 9, 2022
Code injection in concrete CMS
High
CVE-2022-21829
was published
for
concrete5/core
(Composer)
Jun 25, 2022
Command injection in librenms
High
CVE-2022-29712
was published
for
librenms/librenms
(Composer)
Jun 3, 2022
October/System authenticated file write leads to remote code execution
High
CVE-2021-32649
was published
for
october/system
(Composer)
Jan 14, 2022
october/system arbitrary code execution
High
CVE-2021-32650
was published
for
october/system
(Composer)
Jan 14, 2022
Account Takeover Through Password Reset Poisoning
High
CVE-2022-33012
was published
for
microweber/microweber
(Composer)
Nov 22, 2022
snipe-IT vulnerable to host header injection
High
CVE-2022-23064
was published
for
snipe/snipe-it
(Composer)
May 3, 2022
Improper Encoding or Escaping of Output and Injection in LibreNMS
High
CVE-2019-12463
was published
for
librenms/librenms
(Composer)
Oct 11, 2019
Remote code execution in turn extension for TYPO3
High
CVE-2020-15515
was published
for
marcwillmann/turn
(Composer)
Jul 29, 2020
RCE via PHP Object injection via SOAP Requests
High
CVE-2020-15244
was published
for
openmage/magento-lts
(Composer)
Oct 30, 2020
Insecure Inherited Permissions in neoan3-apps/template
High
CVE-2021-41170
was published
for
neoan3-apps/template
(Composer)
Nov 10, 2021
Injection in UserFrosting
High
CVE-2021-25994
was published
for
userfrosting/userfrosting
(Composer)
Jan 6, 2022
Authenticated remote code execution in October CMS
High
CVE-2022-21705
was published
for
october/system
(Composer)
Feb 23, 2022
Multiple vulnerabilities through filename manipulation in Archive_Tar
High
CVE-2020-28949
was published
for
pear/archive_tar
(Composer)
Apr 22, 2021
PEAR core file overwrite vulnerability
High
CVE-2017-5630
was published
for
pear/pear
(Composer)
May 13, 2022
SEOmatic for CraftCMS allows Server-Side Template Injection
High
CVE-2020-12790
was published
for
nystudio107/craft-seomatic
(Composer)
May 24, 2022
Craft CMS vulnerable to Remote Code Execution via unrestricted file extension
High
CVE-2023-32679
was published
for
craftcms/cms
(Composer)
May 22, 2023
Craft CMS vulnerable to Remote Code Execution via validatePath bypass
High
CVE-2023-40035
was published
for
craftcms/cms
(Composer)
Aug 21, 2023
Dolibarr Improper Input Validation vulnerability
High
CVE-2023-4197
was published
for
dolibarr/dolibarr
(Composer)
Nov 1, 2023
zenstruck/collection passing callable string to EntityRepository::find() and query()
High
CVE-2023-37473
was published
for
zenstruck/collection
(Composer)
Jul 14, 2023
grav Server-side Template Injection (SSTI) mitigation bypass
High
CVE-2023-37897
was published
for
getgrav/grav
(Composer)
Jul 19, 2023
ProTip!
Advisories are also available from the
GraphQL API