GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,076
Erlang: 29
GitHub Actions: 19
Go: 1,895
Maven: 5,000+
npm: 3,630
NuGet: 638
pip: 3,244
Pub: 10
RubyGems: 862
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
161 advisories
Code injection in REDAXO
High: CVE-2024-25298 was published for redaxo/source (Composer), Feb 17, 2024

Dolibarr ERP CRM Code Injection vulnerability during installation
Moderate: CVE-2024-29477 was published for dolibarr/dolibarr (Composer), Apr 3, 2024

Server Side Template Injection (SSTI) via Twig escape handler
High: CVE-2024-28119 was published for getgrav/grav (Composer), Mar 22, 2024

Server Side Template Injection (SSTI)
High: CVE-2024-28118 was published for getgrav/grav (Composer), Mar 22, 2024

Server Side Template Injection (SSTI)
High: CVE-2024-28117 was published for getgrav/grav (Composer), Mar 22, 2024

Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass
High: CVE-2024-28116 was published for getgrav/grav (Composer), Mar 22, 2024

Withdrawn Advisory: CraftCMS Server-Side Template Injection vulnerability
High: CVE-2023-30179 was published for craftcms/cms (Composer), Jun 13, 2023 (withdrawn)

TYPO3 Image Processing susceptible to Code Execution
High: CVE-2019-11832 was published for typo3/cms (Composer), May 24, 2022

Magento 2 Community Edition RCE
High: CVE-2019-7942 was published for magento/community-edition (Composer), May 24, 2022

Magento 2 Community Edition Unsafe File Upload
High: CVE-2019-7871 was published for magento/community-edition (Composer), May 24, 2022

Magento 2 Community Edition RCE Vulnerability
High: CVE-2019-7903 was published for magento/community-edition (Composer), May 24, 2022

Magento 2 Community Edition RCE Vulnerability
High: CVE-2019-7932 was published for magento/community-edition (Composer), May 24, 2022

TYPO3 Backend Command Injection via Shell Metacharacters in Uploaded File Name
High: CVE-2009-3631 was published for typo3/cms-backend (Composer), May 2, 2022

Arbitrary Code Execution in Processwire
High: CVE-2023-24676 was published for processwire/processwire (Composer), Jan 24, 2024

Symfony Arbitrary PHP code Execution
High: CVE-2013-1397 was published for symfony/symfony (Composer), May 17, 2022

PHP Code Injection by malicious function name in smarty
Critical: CVE-2021-26120 was published for smarty/smarty (Composer), Feb 26, 2021

Code Injection in PHPUnit
Critical: CVE-2017-9841 was published for phpunit/phpunit (Composer), Mar 26, 2022

Mustache remote code injection vulnerability
High: CVE-2022-0323 was published for mustache/mustache (Composer), Jan 27, 2022

Remote Code Execution vulnerability in PHPMailer 6.4.1 running on Windows
High: CVE-2021-34551 was published for phpmailer/phpmailer (Composer), Jun 22, 2021

Potential Remote Code Execution vulnerability
High: CVE-2020-15227 was published for nette/application (Composer), Oct 2, 2020

DOMPDF Remote Code Execution
High: CVE-2014-5013 was published for dompdf/dompdf (Composer), May 17, 2022

Yii Framework Code Injection
High: CVE-2018-8074 was published for yiisoft/yii2-dev (Composer), May 24, 2022

Moodle vulnerable to PHP object injection attacks
High: CVE-2014-3541 was published for moodle/moodle (Composer), May 13, 2022

Symfony Unsafe Cache Serialization Could Enable RCE
Critical: CVE-2019-18889 was published for symfony/cache (Composer), Dec 2, 2019
ProTip! Advisories are also available from the GraphQL API