Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

161 advisories

Loading
Server Side Twig Template Injection Critical
CVE-2022-21686 was published for prestashop/prestashop (Composer) Jan 27, 2022
Brum3ns
Froxlor vulnerable to Code Injection Moderate
CVE-2022-3721 was published for froxlor/froxlor (Composer) Nov 4, 2022
Improper Neutralization of Special Elements Used in a Template Engine in microweber High
CVE-2022-0896 was published for microweber/microweber (Composer) Mar 10, 2022
Code injection in dolibarr/dolibarr High
CVE-2022-0819 was published for dolibarr/dolibarr (Composer) Mar 3, 2022
froxlor is vulnerable to privilege escalation from customer to root via directory-options High
CVE-2023-0671 was published for froxlor/froxlor (Composer) Feb 4, 2023
Code Injection in thorsten/phpmyfaq Critical
CVE-2023-0788 was published for thorsten/phpmyfaq (Composer) Feb 12, 2023
Code Injection in thorsten/phpmyfaq Moderate
CVE-2023-0792 was published for thorsten/phpmyfaq (Composer) Feb 12, 2023
Code Injection in froxlor/froxlor High
CVE-2023-0877 was published for froxlor/froxlor (Composer) Feb 17, 2023
Code Injection in alextselegidis/easyappointments High
CVE-2023-1367 was published for alextselegidis/easyappointments (Composer) Mar 13, 2023
Remote code execution in Funadmin Critical
CVE-2023-24776 was published for funadmin/funadmin (Composer) Mar 6, 2023
Zenario CMS is vulnerable to Remote Code Execution (RCE). Critical
CVE-2022-44136 was published for tribalsystems/zenario (Composer) Nov 30, 2022
tdunlap607
phpMyFAQ Code Injection vulnerability Moderate
CVE-2023-1761 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
aruneko
Improper Control of Generation of Code in Twig rendered views High
CVE-2023-2017 was published for shopware/core (Composer) Apr 18, 2023
Creastery
WooCommerce WordPress plugin before 6.6.0 vulnerable to stored HTML injection Moderate
CVE-2022-2099 was published for woocommerce/woocommerce (Composer) Jul 18, 2022
Code Injection in baserCMS High
CVE-2017-10844 was published for baserproject/basercms (Composer) May 14, 2022
Authenticated RCE in Zen Cart 1.5.5e High
CVE-2017-11675 was published for zencart/zencart (Composer) May 17, 2022
Code Injection in microweber High
CVE-2022-0282 was published for microweber/microweber (Composer) Jan 21, 2022
MAGMI plugin for Magento Unsafe File Upload High
CVE-2014-8770 was published for dweeves/magmi (Composer) May 14, 2022
Pimcore Vulnerable to PHP Object Injection Attacks High
CVE-2014-2921 was published for pimcore/pimcore (Composer) May 17, 2022
Moodle Authenticated Spelling Binary Remote Code Execution Moderate
CVE-2013-3630 was published for moodle/moodle (Composer) May 13, 2022
Dolibarr ERP and CRM Code Injection High
CVE-2019-11201 was published for dolibarr/dolibarr (Composer) May 24, 2022
phpMyAdmin Remote Code Execution High
CVE-2013-3239 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Centreon RCE Vulnerability Critical
CVE-2018-11587 was published for centreon/centreon (Composer) May 14, 2022
Craft CMS Remote Code Injection Critical
CVE-2021-27903 was published for craftcms/cms (Composer) Jul 2, 2021
SEOmatic plugin for Craft CMS SSTI Vulnerability High
CVE-2018-14716 was published for nystudio107/craft-seomatic (Composer) May 13, 2022
ProTip! Advisories are also available from the GraphQL API