GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
476 advisories
Filter by severity
fuadmin vulnerable to insecure file upload
Critical
CVE-2023-36097
was published
for
funadmin/funadmin
(Composer)
Jun 22, 2023
laravel-s vulnerable to Local File Inclusion
Critical
CVE-2023-29931
was published
for
hhxsv5/laravel-s
(Composer)
Jun 22, 2023
php-imap vulnerable to RCE through a directory traversal vulnerability
Critical
CVE-2023-35169
was published
for
webklex/laravel-imap
(Composer)
Jun 21, 2023
Liufee CMS File Upload vulnerability
Critical
CVE-2020-21489
was published
for
feehi/cms
(Composer)
Jun 20, 2023
liufee CMS File Upload vulnerability
Critical
CVE-2020-21174
was published
for
feehi/cms
(Composer)
Jun 20, 2023
Grav Server Side Template Injection (SSTI) vulnerability
Critical
CVE-2023-34251
was published
for
getgrav/grav
(Composer)
Jun 16, 2023
Froxlor vulnerable to Improper Restriction of Excessive Authentication Attempts
Critical
CVE-2023-3173
was published
for
froxlor/froxlor
(Composer)
Jun 9, 2023
TeamPass vulnerable to stored Cross-site Scripting
Critical
CVE-2023-3086
was published
for
nilsteampassnet/teampass
(Composer)
Jun 3, 2023
Remote Code Execution Vulnerability in Validation Placeholders in CodeIgniter4
Critical
CVE-2023-32692
was published
for
codeigniter4/framework
(Composer)
May 22, 2023
LavaLite vulnerable to web cache poisoning
Critical
CVE-2023-27238
was published
for
lavalite/cms
(Composer)
May 12, 2023
AzuraCast missing brute force prevention
Critical
CVE-2023-2531
was published
for
azuracast/azuracast
(Composer)
May 5, 2023
Concrete CMS (previously concrete5) is vulnerable to possible auth bypass in the jobs section
Critical
CVE-2023-28473
was published
for
concrete5/concrete5
(Composer)
Apr 28, 2023
Access bypass in Drupal core
Critical
CVE-2023-31250
was published
for
drupal/core
(Composer)
Apr 26, 2023
Remote code execution in Voyager
Critical
CVE-2020-36070
was published
for
tcg/voyager
(Composer)
Apr 26, 2023
SQL filter bypass leading to arbitrary write requests using "SQL Manager"
Critical
CVE-2023-30839
was published
for
prestashop/prestashop
(Composer)
Apr 25, 2023
Duplicate Advisory: AVideo contains Command injection when embedding a video link
Critical
GHSA-wj6r-53f5-q789
was published
for
wwbn/avideo
(Composer)
Apr 25, 2023
•
withdrawn
froxlor/froxlor vulnerable to unrestricted upload of file with dangerous type
Critical
CVE-2023-2034
was published
for
froxlor/froxlor
(Composer)
Apr 14, 2023
Withdrawn: SQL injection in Yii 2
Critical
CVE-2023-26750
was published
for
yiisoft/yii2
(Composer)
Apr 4, 2023
•
withdrawn
X-Forwarded-For header allows brute-forcing autoblocked IP addresses
Critical
CVE-2023-29141
was published
for
mediawiki/core
(Composer)
Mar 31, 2023
Moodle's Mustache pix helper contained a potential Mustache injection risk if combined with user input
Critical
CVE-2023-28333
was published
for
moodle/moodle
(Composer)
Mar 23, 2023
baserCMS allows any file to be uploaded
Critical
CVE-2023-25655
was published
for
baserproject/basercms
(Composer)
Mar 23, 2023
baserCMS File Uploader Remote Code Execution (RCE) vulnerability
Critical
CVE-2023-25654
was published
for
baserproject/basercms
(Composer)
Mar 23, 2023
PHAR deserialization allowing remote code execution
Critical
CVE-2023-28115
was published
for
knplabs/knp-snappy
(Composer)
Mar 17, 2023
Access control issue in ezsystems/ezpublish-kernel
Critical
CVE-2022-48367
was published
for
ezsystems/ezpublish-kernel
(Composer)
Mar 12, 2023
Funadmin vulnerable to SQL injection
Critical
CVE-2023-24774
was published
for
funadmin/funadmin
(Composer)
Mar 10, 2023
ProTip!
Advisories are also available from the
GraphQL API