GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
476 advisories
Filter by severity
phpMyFAQ Improper Authentication vulnerability
Critical
CVE-2023-0311
was published
for
thorsten/phpmyfaq
(Composer)
Jan 16, 2023
WebPA SQL Injection vulnerability
Critical
CVE-2021-4308
was published
for
webpa/webpa
(Composer)
Jan 8, 2023
PaginationServiceProvider SQL Injection vulnerability
Critical
CVE-2014-125029
was published
for
ttskch/pagination-service-provider
(Composer)
Jan 8, 2023
kelvinmo simplexrd vulnerable to Improper Restriction of XML External Entity Reference
Critical
CVE-2015-10029
was published
for
kelvinmo/simplexrd
(Composer)
Jan 7, 2023
himiklab yii2-jqgrid-widget vulnerable to SQL Injection
Critical
CVE-2014-125051
was published
for
himiklab/yii2-jqgrid-widget
(Composer)
Jan 6, 2023
DBRisinajumi d2files SQL Injection vulnerability
Critical
CVE-2015-10018
was published
for
dbrisinajumi/d2files
(Composer)
Jan 6, 2023
nterchange Code Injection vulnerability
Critical
CVE-2015-10009
was published
for
nonfiction/nterchange
(Composer)
Jan 2, 2023
Ariadne Component Library vulnerable to Server-Side Request Forgery
Critical
CVE-2017-20157
was published
for
arc/web
(Composer)
Dec 31, 2022
ThinkPHP Framework vulnerable to remote code execution
Critical
CVE-2022-47945
was published
for
topthink/framework
(Composer)
Dec 23, 2022
laravel-jqgrid vulnerable to SQL Injection
Critical
CVE-2021-4262
was published
for
mgallegos/laravel-jqgrid
(Composer)
Dec 19, 2022
TYPO3 vulnerable to Insufficient Session Expiration
Critical
CVE-2022-47406
was published
for
derhansen/fe_change_pwd
(Composer)
Dec 14, 2022
Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter)
Critical
CVE-2022-47408
was published
for
fixpunkt/fp-newsletter
(Composer)
Dec 14, 2022
Zenario CMS is vulnerable to Remote Code Execution (RCE).
Critical
CVE-2022-44136
was published
for
tribalsystems/zenario
(Composer)
Nov 30, 2022
Moodle blind Server-Side Request Forgery (SSRF) vulnerability in LTI provider library
Critical
CVE-2022-45152
was published
for
moodle/moodle
(Composer)
Nov 25, 2022
Badaso vulnerable to Remote Code Execution (RCE)
Critical
CVE-2022-41705
was published
for
badaso/core
(Composer)
Nov 25, 2022
PyroCMS vulnerable to stored Cross Site Scripting
Critical
CVE-2022-37721
was published
for
pyrocms/pyrocms
(Composer)
Nov 25, 2022
Cross site scripting vulnerability with discussion titles
Critical
CVE-2022-41938
was published
for
flarum/core
(Composer)
Nov 21, 2022
SQL injection in Dolibarr
Critical
CVE-2022-4093
was published
for
dolibarr/dolibarr
(Composer)
Nov 21, 2022
Insufficient Session Expiration in librenms/librenms
Critical
CVE-2022-4070
was published
for
librenms/librenms
(Composer)
Nov 20, 2022
Dolibarr vulnerable to privilege escalation
Critical
CVE-2022-43138
was published
for
dolibarr/dolibarr
(Composer)
Nov 17, 2022
eZ Platform users with the Company admin role can assign any role to any user
Critical
GHSA-99r3-xmmq-7q7g
was published
for
ezsystems/ezpublish-kernel
(Composer)
Nov 10, 2022
eZ Platform users with the Company admin role can assign any role to any user
Critical
GHSA-8h83-chh2-fchp
was published
for
ezsystems/ezplatform-kernel
(Composer)
Nov 10, 2022
eZ Platform users with the Company admin role can assign any role to any user
Critical
GHSA-446q-xxg5-3vhh
was published
for
ezsystems/repository-forms
(Composer)
Nov 10, 2022
eZ Platform users with the Company admin role can assign any role to any user
Critical
GHSA-pcpm-vc4v-cmvx
was published
for
ezsystems/ezplatform-admin-ui
(Composer)
Nov 10, 2022
Ibexa DXP users with the Company admin role can assign any role to any user
Critical
GHSA-g6jc-xrc3-4wwq
was published
for
ibexa/admin-ui
(Composer)
Nov 10, 2022
ProTip!
Advisories are also available from the
GraphQL API