GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
87 advisories
Filter by severity
Improper Encoding or Escaping of Output and Injection in LibreNMS
High
CVE-2019-12463
was published
for
librenms/librenms
(Composer)
Oct 11, 2019
Remote code execution via vulnerable Symphony dependecy injection
Critical
CVE-2019-8135
was published
for
magento/community-edition
(Composer)
Nov 12, 2019
Link injection in SimpleSAMLphp
Low
GHSA-2r3v-q9x3-7g46
was published
for
simplesamlphp/simplesamlphp
(Composer)
Jan 24, 2020
Potential Code Injection in Sprout Forms
Critical
CVE-2020-11056
was published
for
barrelstrength/sprout-base-email
(Composer)
May 8, 2020
Remote code execution in turn extension for TYPO3
High
CVE-2020-15515
was published
for
marcwillmann/turn
(Composer)
Jul 29, 2020
Remote Code Execution in SyliusResourceBundle
Critical
CVE-2020-15146
was published
for
sylius/resource-bundle
(Composer)
Aug 19, 2020
Remote Code Execution in SyliusResourceBundle
High
CVE-2020-15143
was published
for
sylius/resource-bundle
(Composer)
Aug 19, 2020
Contao Insert tag injection in forms
Moderate
CVE-2020-25768
was published
for
contao/contao
(Composer)
Sep 24, 2020
Potential Remote Code Execution vulnerability
High
CVE-2020-15227
was published
for
nette/application
(Composer)
Oct 2, 2020
Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0
High
CVE-2020-15277
was published
for
baserproject/basercms
(Composer)
Oct 30, 2020
RCE via PHP Object injection via SOAP Requests
High
CVE-2020-15244
was published
for
openmage/magento-lts
(Composer)
Oct 30, 2020
Query Binding Exploitation
High
CVE-2021-21263
was published
for
illuminate/database
(Composer)
Jan 19, 2021
Unexpected database bindings
High
GHSA-x7p5-p2c9-phvg
was published
for
illuminate/database
(Composer)
Feb 2, 2021
Authenticated remote code execution
Moderate
GHSA-pjj4-jjgc-h3r8
was published
for
shopware/platform
(Composer)
Mar 12, 2021
Mautic vulnerable to secret data exfiltration via symfony parameters
Moderate
CVE-2021-27908
was published
for
mautic/core
(Composer)
Apr 6, 2021
Multiple vulnerabilities through filename manipulation in Archive_Tar
High
CVE-2020-28949
was published
for
pear/archive_tar
(Composer)
Apr 22, 2021
PHPMailer untrusted code may be run from an overridden address validator
High
CVE-2021-3603
was published
for
phpmailer/phpmailer
(Composer)
Jun 22, 2021
Craft CMS Remote Code Injection
Critical
CVE-2021-27903
was published
for
craftcms/cms
(Composer)
Jul 2, 2021
Code injection in topthink/think
Critical
CVE-2020-17952
was published
for
topthink/think
(Composer)
Aug 9, 2021
CSV injection in Craft CMS
High
GHSA-xrpj-f9v6-2332
was published
for
craftcms/cms
(Composer)
Oct 4, 2021
•
withdrawn
Insecure Inherited Permissions in neoan3-apps/template
High
CVE-2021-41170
was published
for
neoan3-apps/template
(Composer)
Nov 10, 2021
Client-Side JavaScript Prototype Pollution in oro/platform
Moderate
CVE-2021-43852
was published
for
oro/platform
(Composer)
Jan 6, 2022
Injection in UserFrosting
High
CVE-2021-25994
was published
for
userfrosting/userfrosting
(Composer)
Jan 6, 2022
Sandbox Escape by math function in smarty
High
CVE-2021-29454
was published
for
smarty/smarty
(Composer)
Jan 12, 2022
October/System authenticated file write leads to remote code execution
High
CVE-2021-32649
was published
for
october/system
(Composer)
Jan 14, 2022
ProTip!
Advisories are also available from the
GraphQL API