GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+
46 advisories
Filter by severity
Improper Encoding or Escaping of Output and Injection in LibreNMS
High
CVE-2019-12463
was published
for
librenms/librenms
(Composer)
Oct 11, 2019
Remote code execution in turn extension for TYPO3
High
CVE-2020-15515
was published
for
marcwillmann/turn
(Composer)
Jul 29, 2020
Remote Code Execution in SyliusResourceBundle
High
CVE-2020-15143
was published
for
sylius/resource-bundle
(Composer)
Aug 19, 2020
Potential Remote Code Execution vulnerability
High
CVE-2020-15227
was published
for
nette/application
(Composer)
Oct 2, 2020
Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0
High
CVE-2020-15277
was published
for
baserproject/basercms
(Composer)
Oct 30, 2020
RCE via PHP Object injection via SOAP Requests
High
CVE-2020-15244
was published
for
openmage/magento-lts
(Composer)
Oct 30, 2020
Query Binding Exploitation
High
CVE-2021-21263
was published
for
illuminate/database
(Composer)
Jan 19, 2021
Unexpected database bindings
High
GHSA-x7p5-p2c9-phvg
was published
for
illuminate/database
(Composer)
Feb 2, 2021
Multiple vulnerabilities through filename manipulation in Archive_Tar
High
CVE-2020-28949
was published
for
pear/archive_tar
(Composer)
Apr 22, 2021
PHPMailer untrusted code may be run from an overridden address validator
High
CVE-2021-3603
was published
for
phpmailer/phpmailer
(Composer)
Jun 22, 2021
CSV injection in Craft CMS
High
GHSA-xrpj-f9v6-2332
was published
for
craftcms/cms
(Composer)
Oct 4, 2021
•
withdrawn
Insecure Inherited Permissions in neoan3-apps/template
High
CVE-2021-41170
was published
for
neoan3-apps/template
(Composer)
Nov 10, 2021
Injection in UserFrosting
High
CVE-2021-25994
was published
for
userfrosting/userfrosting
(Composer)
Jan 6, 2022
Sandbox Escape by math function in smarty
High
CVE-2021-29454
was published
for
smarty/smarty
(Composer)
Jan 12, 2022
October/System authenticated file write leads to remote code execution
High
CVE-2021-32649
was published
for
october/system
(Composer)
Jan 14, 2022
october/system arbitrary code execution
High
CVE-2021-32650
was published
for
october/system
(Composer)
Jan 14, 2022
Authenticated remote code execution in October CMS
High
CVE-2022-21705
was published
for
october/system
(Composer)
Feb 23, 2022
Command injection in czproject/git-php
High
CVE-2022-25866
was published
for
czproject/git-php
(Composer)
Apr 26, 2022
snipe-IT vulnerable to host header injection
High
CVE-2022-23064
was published
for
snipe/snipe-it
(Composer)
May 3, 2022
PEAR core file overwrite vulnerability
High
CVE-2017-5630
was published
for
pear/pear
(Composer)
May 13, 2022
Twig remote code execution in templates
High
CVE-2015-7809
was published
for
twig/twig
(Composer)
May 14, 2022
SimpleSAMLphp SAML2 library Regular Expression Denial of Service vulnerability
High
CVE-2018-6519
was published
for
simplesamlphp/saml2
(Composer)
May 14, 2022
Joomla! Framework Remote Code Injection Vulnerability
High
CVE-2015-8566
was published
for
joomla/session
(Composer)
May 17, 2022
SEOmatic for CraftCMS allows Server-Side Template Injection
High
CVE-2020-12790
was published
for
nystudio107/craft-seomatic
(Composer)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API