GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,218
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
39 advisories
Filter by severity
Drupal core third-party PEAR Archive_Tar library is vulnerable to Deserialization of Untrusted Data
High
CVE-2019-6338
was published
for
drupal/drupal
(Composer)
Dec 2, 2019
Unsafe deserialization in SmtpTransport in CakePHP
High
CVE-2019-11458
was published
for
cakephp/cakephp
(Composer)
Dec 2, 2019
Deserialization of untrusted data in Symfony
High
CVE-2019-10912
was published
for
symfony/cache
(Composer)
Feb 12, 2020
Phar object injection in PHPMailer
High
CVE-2018-19296
was published
for
phpmailer/phpmailer
(Composer)
Mar 5, 2020
Insecure Deserialization in Backend User Settings in TYPO3 CMS
High
CVE-2020-11067
was published
for
typo3/cms
(Composer)
May 13, 2020
Phar unserialization vulnerability in phpMussel
High
CVE-2020-4043
was published
for
Maikuolan/phpMussel
(Composer)
Jun 10, 2020
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS
High
CVE-2020-15098
was published
for
typo3/cms
(Composer)
Jul 29, 2020
Unsafe deserialization in Yii 2
High
CVE-2020-15148
was published
for
yiisoft/yii2
(Composer)
Sep 15, 2020
RCE via PHP Object injection via SOAP Requests
High
CVE-2020-15244
was published
for
openmage/magento-lts
(Composer)
Oct 30, 2020
Deserialization of Untrusted Data in Archive_Tar
High
CVE-2020-28948
was published
for
pear/archive_tar
(Composer)
Apr 22, 2021
Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification
High
CVE-2021-41129
was published
for
pterodactyl/panel
(Composer)
Oct 4, 2021
Deserialization of Untrusted Data in Codeigniter4
High
CVE-2022-21647
was published
for
codeigniter4/framework
(Composer)
Jan 6, 2022
Froxlor PHP Object Injection vulnerability
High
CVE-2018-1000527
was published
for
froxlor/froxlor
(Composer)
May 13, 2022
Drupal Core Remote Code Execution Vulnerability
High
CVE-2019-6340
was published
for
drupal/core
(Composer)
May 13, 2022
Pimcore Unserialize Remote Code Execution
High
CVE-2019-10867
was published
for
pimcore/pimcore
(Composer)
May 13, 2022
phpBB Remote Code Execution
High
CVE-2018-19274
was published
for
phpbb/phpbb
(Composer)
May 13, 2022
Laravel Framework RCE Vulnerability
High
CVE-2018-15133
was published
for
laravel/framework
(Composer)
May 14, 2022
mPDF Unsafe Deserialization
High
CVE-2019-1000005
was published
for
mpdf/mpdf
(Composer)
May 14, 2022
Shopware Insecure Deserialization Vulnerability
High
CVE-2019-12799
was published
for
shopware/shopware
(Composer)
May 24, 2022
Pimcore RCE via PHAR upload
High
CVE-2019-16317
was published
for
pimcore/pimcore
(Composer)
May 24, 2022
Magento 2 Community Edition RCE Vulnerability
High
CVE-2019-8141
was published
for
magento/community-edition
(Composer)
May 24, 2022
TYPO3 Insecure Deserialization in Query Generator & Query View
High
CVE-2019-19849
was published
for
typo3/cms
(Composer)
May 24, 2022
Typo3 Vulnerable to Insecure Deserialization
High
CVE-2019-12747
was published
for
typo3/cms
(Composer)
May 24, 2022
melisplatform/melis-front vulnerable to deserialization of untrusted data
High
CVE-2022-39298
was published
for
melisplatform/melis-front
(Composer)
Oct 11, 2022
melisplatform/melis-cms vulnerable to deserialization of untrusted data
High
CVE-2022-39297
was published
for
melisplatform/melis-cms
(Composer)
Oct 11, 2022
ProTip!
Advisories are also available from the
GraphQL API