GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
476 advisories
Filter by severity
Login timing attack in ibexa/core
Critical
GHSA-2x4v-g8cx-jxrq
was published
for
ibexa/core
(Composer)
Jun 2, 2022
Login timing attack in ezsystems/ezplatform-kernel
Critical
GHSA-342c-vcff-2ff2
was published
for
ezsystems/ezplatform-kernel
(Composer)
Jun 2, 2022
Islandora 2.0 before 2.4.1 could allow any user to upload content into a repository
Critical
GHSA-m58q-qq5h-mgqq
was published
for
islandora/islandora
(Composer)
Jul 21, 2022
phpMyFAQ Improper Authentication vulnerability
Critical
CVE-2023-0311
was published
for
thorsten/phpmyfaq
(Composer)
Jan 16, 2023
CakePHP Database\\Query::offset() and limit() methods are vulnerable to SQL injection
Critical
CVE-2023-22727
was published
for
cakephp/cakephp
(Composer)
Jan 20, 2023
Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views
Critical
CVE-2023-22731
was published
for
shopware/core
(Composer)
Jan 17, 2023
SQL Injection in WordPress Zero Spam WordPress plugin
Critical
CVE-2022-0254
was published
for
bmarshall511/wordpress_zero_spam
(Composer)
Mar 15, 2022
DQL injection through sorting parameters blocked
Critical
CVE-2022-24752
was published
for
sylius/grid-bundle
(Composer)
Mar 15, 2022
Cross-site Scripting in showdoc/showdoc
Critical
CVE-2022-0960
was published
for
showdoc/showdoc
(Composer)
Mar 15, 2022
Unrestricted Upload of File with Dangerous Type in Zenario CMS
Critical
CVE-2021-42171
was published
for
tribalsystems/zenario
(Composer)
Mar 15, 2022
Remote Code Execution in Contao Managed Edition
Critical
CVE-2022-26265
was published
for
contao/managed-edition
(Composer)
Mar 20, 2022
Type Confusion in ImpressCMS
Critical
CVE-2021-26600
was published
for
impresscms/impresscms
(Composer)
Mar 29, 2022
Sandbox bypass in fenom
Critical
CVE-2021-46433
was published
for
fenom/fenom
(Composer)
Mar 29, 2022
SQL Injection in ImpressCMS
Critical
CVE-2021-26599
was published
for
impresscms/impresscms
(Composer)
Mar 29, 2022
SQL injection in pagekit/pagekit
Critical
CVE-2021-44135
was published
for
pagekit/pagekit
(Composer)
Apr 2, 2022
Remote Code Execution in Laravel
Critical
CVE-2021-43503
was published
for
laravel/laravel
(Composer)
Apr 9, 2022
•
withdrawn
Cross site scripting in facturascripts
Critical
CVE-2022-1457
was published
for
neorazorx/facturascripts
(Composer)
Apr 26, 2022
Rank Math SEO plugin vulnerable to Server-Side Request Forgery
Critical
CVE-2022-36376
was published
for
rankmath/seo-by-rank-math
(Composer)
Sep 10, 2022
ThinkPHP deserialization vulnerability
Critical
CVE-2022-38352
was published
for
topthink/framework
(Composer)
Sep 16, 2022
Unserialized Pop Chain in Laravel
Critical
CVE-2022-31279
was published
for
laravel/laravel
(Composer)
Jun 8, 2022
•
withdrawn
Code Injection in SEOmatic
Critical
CVE-2021-41749
was published
for
nystudio107/craft-seomatic
(Composer)
Jun 13, 2022
SQL Injection in RosarioSIS
Critical
CVE-2022-2067
was published
for
francoisjacquet/rosariosis
(Composer)
Jun 14, 2022
Deserialization of Untrusted Data in topthink/framework
Critical
CVE-2022-33107
was published
for
topthink/framework
(Composer)
Jun 30, 2022
Path traversal in Concrete CMS
Critical
CVE-2022-30117
was published
for
concrete5/core
(Composer)
Jun 25, 2022
SQL Injection in typo3 extension "LUX - TYPO3 Marketing Automation"
Critical
CVE-2022-35628
was published
for
in2code/lux
(Composer)
Jul 15, 2022
ProTip!
Advisories are also available from the
GraphQL API