GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,067
Erlang: 29
GitHub Actions: 19
Go: 1,891
Maven: 5,000+
npm: 3,624
NuGet: 638
pip: 3,235
Pub: 10
RubyGems: 857
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
161 advisories
Dolibarr ERP CRM Code Injection vulnerability during installation (Moderate): CVE-2024-29477 was published for dolibarr/dolibarr (Composer), Apr 3, 2024
Server Side Template Injection (SSTI) via Twig escape handler (High): CVE-2024-28119 was published for getgrav/grav (Composer), Mar 22, 2024
Server Side Template Injection (SSTI) (High): CVE-2024-28118 was published for getgrav/grav (Composer), Mar 22, 2024
Server Side Template Injection (SSTI) (High): CVE-2024-28117 was published for getgrav/grav (Composer), Mar 22, 2024
Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass (High): CVE-2024-28116 was published for getgrav/grav (Composer), Mar 22, 2024
Code injection in REDAXO (High): CVE-2024-25298 was published for redaxo/source (Composer), Feb 17, 2024
TYPO3 Install Tool vulnerable to Code Execution (High): CVE-2024-22188 was published for typo3/cms-core (Composer), Feb 13, 2024
Arbitrary Code Execution in Processwire (High): CVE-2023-24676 was published for processwire/processwire (Composer), Jan 24, 2024
October CMS safe mode bypass using Twig sandbox escape (Critical): CVE-2023-44382 was published for october/system (Composer), Nov 29, 2023
October CMS safe mode bypass using Page template injection (Moderate): CVE-2023-44381 was published for october/system (Composer), Nov 29, 2023
Statamic CMS vulnerable to remote code execution via form uploads (High): CVE-2023-48217 was published for statamic/cms (Composer), Nov 14, 2023
Moodle Code Injection vulnerability (Moderate): CVE-2023-5550 was published for moodle/moodle (Composer), Nov 9, 2023
Moodle Code Injection vulnerability (High): CVE-2023-5540 was published for moodle/moodle (Composer), Nov 9, 2023
Moodle Code Injection vulnerability (Moderate): CVE-2023-5539 was published for moodle/moodle (Composer), Nov 9, 2023
Subrion remote command execution vulnerability (High): CVE-2023-46947 was published for intelliants/subrion (Composer), Nov 3, 2023
baserCMS Code Injection Vulnerability in Mail Form Feature (Moderate): CVE-2023-43792 was published for baserproject/basercms (Composer), Oct 26, 2023
Cachet vulnerable to Authenticated Remote Code Execution (Critical): CVE-2023-43661 was published for cachethq/cachet (Composer), Oct 16, 2023
Economizzer host header injection vulnerability (High): CVE-2023-38877 was published for gugoan/economizzer (Composer), Sep 28, 2023
Dolibarr allows a remote privileged attacker to execute arbitrary code via a crafted command/script (High): CVE-2023-38886 was published for dolibarr/dolibarr (Composer), Sep 20, 2023
LibreNMS Code Injection vulnerability (Moderate): CVE-2023-4977 was published for librenms/librenms (Composer), Sep 15, 2023
Craft CMS Remote Code Execution vulnerability (Critical): CVE-2023-41892 was published for craftcms/cms (Composer), Sep 13, 2023
Command injection in pagekit (High): CVE-2023-41005 was published for pagekit/pagekit (Composer), Aug 29, 2023
TeamPass Code Injection vulnerability (Critical): CVE-2023-3551 was published for nilsteampassnet/teampass (Composer), Jul 8, 2023
Grav Server-side Template Injection (SSTI) via Denylist Bypass Vulnerability (High): CVE-2023-34253 was published for getgrav/grav (Composer), Jun 16, 2023
Grav Server-side Template Injection (SSTI) via Twig Default Filters (High): CVE-2023-34252 was published for getgrav/grav (Composer), Jun 16, 2023
ProTip! Advisories are also available from the GraphQL API.