Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

45 advisories

Loading
Unexpected database bindings High
GHSA-x7p5-p2c9-phvg was published for illuminate/database (Composer) Feb 2, 2021
Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0 High
CVE-2020-15277 was published for baserproject/basercms (Composer) Oct 30, 2020
Aquilao
CSV injection in Craft CMS High
GHSA-xrpj-f9v6-2332 was published for craftcms/cms (Composer) Oct 4, 2021 withdrawn
Command injection in czproject/git-php High
CVE-2022-25866 was published for czproject/git-php (Composer) Apr 26, 2022
Known vulnerable to account takeover via host header injection attack in v1.3.1 High
CVE-2022-33011 was published for idno/known (Composer) Jul 9, 2022
Code injection in concrete CMS High
CVE-2022-21829 was published for concrete5/core (Composer) Jun 25, 2022
Command injection in librenms High
CVE-2022-29712 was published for librenms/librenms (Composer) Jun 3, 2022
October/System authenticated file write leads to remote code execution High
CVE-2021-32649 was published for october/system (Composer) Jan 14, 2022
cydave
october/system arbitrary code execution High
CVE-2021-32650 was published for october/system (Composer) Jan 14, 2022
sushiwushi
Account Takeover Through Password Reset Poisoning High
CVE-2022-33012 was published for microweber/microweber (Composer) Nov 22, 2022
snipe-IT vulnerable to host header injection High
CVE-2022-23064 was published for snipe/snipe-it (Composer) May 3, 2022
Improper Encoding or Escaping of Output and Injection in LibreNMS High
CVE-2019-12463 was published for librenms/librenms (Composer) Oct 11, 2019
Remote code execution in turn extension for TYPO3 High
CVE-2020-15515 was published for marcwillmann/turn (Composer) Jul 29, 2020
RCE via PHP Object injection via SOAP Requests High
CVE-2020-15244 was published for openmage/magento-lts (Composer) Oct 30, 2020
convenient
Insecure Inherited Permissions in neoan3-apps/template High
CVE-2021-41170 was published for neoan3-apps/template (Composer) Nov 10, 2021
Injection in UserFrosting High
CVE-2021-25994 was published for userfrosting/userfrosting (Composer) Jan 6, 2022
Authenticated remote code execution in October CMS High
CVE-2022-21705 was published for october/system (Composer) Feb 23, 2022
cydave
Multiple vulnerabilities through filename manipulation in Archive_Tar High
CVE-2020-28949 was published for pear/archive_tar (Composer) Apr 22, 2021
PEAR core file overwrite vulnerability High
CVE-2017-5630 was published for pear/pear (Composer) May 13, 2022
SEOmatic for CraftCMS allows Server-Side Template Injection High
CVE-2020-12790 was published for nystudio107/craft-seomatic (Composer) May 24, 2022
Craft CMS vulnerable to Remote Code Execution via unrestricted file extension High
CVE-2023-32679 was published for craftcms/cms (Composer) May 22, 2023
awakerrday
Craft CMS vulnerable to Remote Code Execution via validatePath bypass High
CVE-2023-40035 was published for craftcms/cms (Composer) Aug 21, 2023
awakerrday
Dolibarr Improper Input Validation vulnerability High
CVE-2023-4197 was published for dolibarr/dolibarr (Composer) Nov 1, 2023
zenstruck/collection passing callable string to EntityRepository::find() and query() High
CVE-2023-37473 was published for zenstruck/collection (Composer) Jul 14, 2023
kbond
grav Server-side Template Injection (SSTI) mitigation bypass High
CVE-2023-37897 was published for getgrav/grav (Composer) Jul 19, 2023
s4ex Malayke
ProTip! Advisories are also available from the GraphQL API