GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
476 advisories
Fixes a bug in Zend Framework's Stream HTTP Wrapper
Critical | CVE-2021-21426 was published for openmage/magento-lts (Composer) | Apr 22, 2021

Authentication bypass in MAGMI
Critical | CVE-2020-5777 was published for dweeves/magmi (Composer) | May 6, 2021

Backport for CVE-2021-21024 Blind SQLi from Magento 2
Critical | CVE-2021-21427 was published for openmage/magento-lts (Composer) | Apr 22, 2021

Insecure Deserialization of untrusted data in rmccue/requests
Critical | CVE-2021-29476 was published for rmccue/requests (Composer) | Apr 29, 2021

Exposure of Sensitive Information to an Unauthorized Actor
Critical | CVE-2021-32711 was published for shopware/platform (Composer) | Sep 8, 2021

XSS vulnerability with translator
Critical | CVE-2021-32671 was published for flarum/core (Composer) | Jun 7, 2021

Code injection in topthink/think
Critical | CVE-2020-17952 was published for topthink/think (Composer) | Aug 9, 2021

Code injection in codiad
Critical | CVE-2019-19208 was published for codiad/codiad (Composer) | Sep 1, 2021

Critical severity vulnerability in Ignition
Critical | CVE-2020-13909 was published for facade/ignition (Composer) | Oct 12, 2021

XML External Entity vulnerability in MODX CMS
Critical | CVE-2020-25911 was published for modx/revolution (Composer) | Nov 1, 2021

SQL injection in TYPO3 extension
Critical | CVE-2021-38302 was published for ecodev/newsletter (Composer) | Sep 2, 2021

Improper Access Control in Webauthn Framework
Critical | CVE-2021-38299 was published for web-auth/webauthn-framework (Composer) | Sep 29, 2021

SQL Injection in topthink/thinkphp
Critical | CVE-2020-20120 was published for topthink/thinkphp (Composer) | Sep 30, 2021

SafeCurl before 0.9.2 has a DNS rebinding vulnerability.
Critical | CVE-2020-36474 was published for vanilla/safecurl (Composer) | Aug 25, 2021

OS Command Injection Vulnerability and Potential Zip Slip Vulnerability in baserCMS
Critical | CVE-2021-41243 was published for baserproject/basercms (Composer) | Dec 1, 2021

Unrestricted File Upload in ShowDoc v2.9.5
Critical | CVE-2021-36440 was published for showdoc/showdoc (Composer) | Sep 9, 2021

Path traversal in librenms/librenms
Critical | CVE-2021-44278 was published for librenms/librenms (Composer) | Dec 10, 2021

SQL Injection in rosariosis
Critical | CVE-2021-44427 was published for francoisjacquet/rosariosis (Composer) | Dec 2, 2021

Deserialization of Untrusted Data in topthink/framework
Critical | CVE-2021-36567 was published for topthink/framework (Composer) | Dec 7, 2021

Incorrect Authorization in latte/latte
Critical | CVE-2021-23803 was published for latte/latte (Composer) | Jan 6, 2022

Ariadne Component Library vulnerable to Server-Side Request Forgery
Critical | CVE-2017-20157 was published for arc/web (Composer) | Dec 31, 2022

Account takeover in facturascripts
Critical | CVE-2022-1715 was published for facturascripts/facturascripts (Composer) | May 14, 2022

Centreon vulnerable to SQL Injection
Critical | CVE-2022-3827 was published for centreon/centreon (Composer) | Nov 2, 2022

FeehiCMS has an arbitrary file upload vulnerability
Critical | CVE-2020-21516 was published for feehi/cms (Composer) | Sep 7, 2022

phpmyadmin contains SQL Injection vulnerability
Critical | CVE-2020-22452 was published for phpmyadmin/phpmyadmin (Composer) | Jan 26, 2023

ProTip! Advisories are also available from the GraphQL API.