GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
476 advisories
Filter by severity
SQL injection in vhs (aka VHS: Fluid ViewHelpers)
Critical
CVE-2021-28381
was published
for
fluidtypo3/vhs
(Composer)
Mar 29, 2021
Unauthenticated remote code execution in Ignition
Critical
CVE-2021-3129
was published
for
facade/ignition
(Composer)
Mar 29, 2021
PHP Code Injection by malicious function name in smarty
Critical
CVE-2021-26120
was published
for
smarty/smarty
(Composer)
Feb 26, 2021
October CMS Session ID not invalidated after logout
Critical
CVE-2021-3311
was published
for
october/rain
(Composer)
Feb 10, 2021
Leak of information via Store-API
Critical
GHSA-f2vv-h5x4-57gr
was published
for
shopware/platform
(Composer)
Feb 10, 2021
Steam Socialite Provider v1 does not correctly validate openid server
Critical
GHSA-hhw9-35p2-q2c5
was published
for
socialiteproviders/steam
(Composer)
Jan 29, 2021
XSS vulnerability leveraged through referrers could allow un-authorized admin access in Mautic
Critical
CVE-2020-35124
was published
for
mautic/core
(Composer)
Jan 19, 2021
Remote Code Execution in SyliusResourceBundle
Critical
CVE-2020-15146
was published
for
sylius/resource-bundle
(Composer)
Aug 19, 2020
Potential Remote Code Execution in TYPO3 with mediace extension
Critical
CVE-2020-15086
was published
for
friendsoftypo3/mediace
(Composer)
Jul 29, 2020
Potential Code Injection in Sprout Forms
Critical
CVE-2020-11056
was published
for
barrelstrength/sprout-base-email
(Composer)
May 8, 2020
Remote code execution in PHPMailer
Critical
CVE-2016-10033
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
Remote code execution in PHPMailer
Critical
CVE-2016-10045
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
class.upload.php in verot.net omits .pht from the set of dangerous file extensions
Critical
CVE-2019-19634
was published
for
verot/class.upload.php
(Composer)
Feb 28, 2020
Improper Input Validation in Symfony
Critical
CVE-2019-11325
was published
for
symfony/symfony
(Composer)
Feb 12, 2020
SQL injection in Centreon
Critical
CVE-2019-16194
was published
for
centreon/centreon
(Composer)
Feb 11, 2020
Incorrect persistent NameID generation in SimpleSAMLphp
Critical
CVE-2017-12873
was published
for
simplesamlphp/simplesamlphp
(Composer)
Jan 24, 2020
Remote code execution in verot/class.upload.php
Critical
CVE-2019-19576
was published
for
verot/class.upload.php
(Composer)
Jan 16, 2020
SQL injection in phpMyAdmin
Critical
CVE-2019-18622
was published
for
phpmyadmin/phpmyadmin
(Composer)
Jan 16, 2020
Invalid HTTP method overrides allow possible XSS or other attacks in Symfony
Critical
CVE-2019-10913
was published
for
symfony/http-foundation
(Composer)
Dec 2, 2019
Symfony Unsafe Cache Serialization Could Enable RCE
Critical
CVE-2019-18889
was published
for
symfony/cache
(Composer)
Dec 2, 2019
SQL Injection in usmanhalalit/pixie
Critical
CVE-2019-10766
was published
for
usmanhalalit/pixie
(Composer)
Nov 20, 2019
Symfony Service IDs Allow Injection
Critical
CVE-2019-10910
was published
for
symfony/dependency-injection
(Composer)
Nov 18, 2019
Missing warning can lead to unauthenticated admin access in SilverStripe
Critical
CVE-2019-12204
was published
for
silverstripe/cms
(Composer)
Nov 12, 2019
Remote code execution via vulnerable Symphony dependecy injection
Critical
CVE-2019-8135
was published
for
magento/community-edition
(Composer)
Nov 12, 2019
SQL Injection in SimpleSAMLphp
Critical
CVE-2019-15537
was published
for
cesnet/simplesamlphp-module-proxystatistics
(Composer)
Nov 8, 2019
ProTip!
Advisories are also available from the
GraphQL API