GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
161 advisories
Filter by severity
Server Side Twig Template Injection
Critical
CVE-2022-21686
was published
for
prestashop/prestashop
(Composer)
Jan 27, 2022
Froxlor vulnerable to Code Injection
Moderate
CVE-2022-3721
was published
for
froxlor/froxlor
(Composer)
Nov 4, 2022
Improper Neutralization of Special Elements Used in a Template Engine in microweber
High
CVE-2022-0896
was published
for
microweber/microweber
(Composer)
Mar 10, 2022
Code injection in dolibarr/dolibarr
High
CVE-2022-0819
was published
for
dolibarr/dolibarr
(Composer)
Mar 3, 2022
froxlor is vulnerable to privilege escalation from customer to root via directory-options
High
CVE-2023-0671
was published
for
froxlor/froxlor
(Composer)
Feb 4, 2023
Code Injection in thorsten/phpmyfaq
Critical
CVE-2023-0788
was published
for
thorsten/phpmyfaq
(Composer)
Feb 12, 2023
Code Injection in thorsten/phpmyfaq
Moderate
CVE-2023-0792
was published
for
thorsten/phpmyfaq
(Composer)
Feb 12, 2023
Code Injection in froxlor/froxlor
High
CVE-2023-0877
was published
for
froxlor/froxlor
(Composer)
Feb 17, 2023
Code Injection in alextselegidis/easyappointments
High
CVE-2023-1367
was published
for
alextselegidis/easyappointments
(Composer)
Mar 13, 2023
Remote code execution in Funadmin
Critical
CVE-2023-24776
was published
for
funadmin/funadmin
(Composer)
Mar 6, 2023
Zenario CMS is vulnerable to Remote Code Execution (RCE).
Critical
CVE-2022-44136
was published
for
tribalsystems/zenario
(Composer)
Nov 30, 2022
phpMyFAQ Code Injection vulnerability
Moderate
CVE-2023-1761
was published
for
thorsten/phpmyfaq
(Composer)
Mar 31, 2023
Improper Control of Generation of Code in Twig rendered views
High
CVE-2023-2017
was published
for
shopware/core
(Composer)
Apr 18, 2023
WooCommerce WordPress plugin before 6.6.0 vulnerable to stored HTML injection
Moderate
CVE-2022-2099
was published
for
woocommerce/woocommerce
(Composer)
Jul 18, 2022
Code Injection in baserCMS
High
CVE-2017-10844
was published
for
baserproject/basercms
(Composer)
May 14, 2022
Authenticated RCE in Zen Cart 1.5.5e
High
CVE-2017-11675
was published
for
zencart/zencart
(Composer)
May 17, 2022
Code Injection in microweber
High
CVE-2022-0282
was published
for
microweber/microweber
(Composer)
Jan 21, 2022
MAGMI plugin for Magento Unsafe File Upload
High
CVE-2014-8770
was published
for
dweeves/magmi
(Composer)
May 14, 2022
Pimcore Vulnerable to PHP Object Injection Attacks
High
CVE-2014-2921
was published
for
pimcore/pimcore
(Composer)
May 17, 2022
Moodle Authenticated Spelling Binary Remote Code Execution
Moderate
CVE-2013-3630
was published
for
moodle/moodle
(Composer)
May 13, 2022
Dolibarr ERP and CRM Code Injection
High
CVE-2019-11201
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
phpMyAdmin Remote Code Execution
High
CVE-2013-3239
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 17, 2022
Centreon RCE Vulnerability
Critical
CVE-2018-11587
was published
for
centreon/centreon
(Composer)
May 14, 2022
Craft CMS Remote Code Injection
Critical
CVE-2021-27903
was published
for
craftcms/cms
(Composer)
Jul 2, 2021
SEOmatic plugin for Craft CMS SSTI Vulnerability
High
CVE-2018-14716
was published
for
nystudio107/craft-seomatic
(Composer)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API