Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,067
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,624
NuGet
638
pip
3,235
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

161 advisories

Loading
Grav Server Side Template Injection (SSTI) vulnerability Critical
CVE-2023-34251 was published for getgrav/grav (Composer) Jun 16, 2023
scgajge12
Withdrawn Advisory: CraftCMS Server-Side Template Injection vulnerability High
CVE-2023-30179 was published for craftcms/cms (Composer) Jun 13, 2023 withdrawn
angrybrad
Code injection in nilsteampassnet/teampass High
CVE-2023-2859 was published for nilsteampassnet/teampass (Composer) May 24, 2023
Remote Code Execution Vulnerability in Validation Placeholders in CodeIgniter4 Critical
CVE-2023-32692 was published for codeigniter4/framework (Composer) May 22, 2023
CraftCMS allows remote attacker to execute arbitrary code via crafted script to Section parameter High
CVE-2023-30130 was published for craftcms/cms (Composer) May 12, 2023
teampass vulnerable to code injection High
CVE-2023-2591 was published for nilsteampassnet/teampass (Composer) May 9, 2023
Improper Control of Generation of Code in Twig rendered views High
CVE-2023-2017 was published for shopware/core (Composer) Apr 18, 2023
Creastery
phpMyFAQ Code Injection vulnerability Moderate
CVE-2023-1761 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
aruneko
Moodle's Mustache pix helper contained a potential Mustache injection risk if combined with user input Critical
CVE-2023-28333 was published for moodle/moodle (Composer) Mar 23, 2023
Code Injection in alextselegidis/easyappointments High
CVE-2023-1367 was published for alextselegidis/easyappointments (Composer) Mar 13, 2023
Remote code execution in Funadmin Critical
CVE-2023-24776 was published for funadmin/funadmin (Composer) Mar 6, 2023
Code Injection in froxlor/froxlor High
CVE-2023-0877 was published for froxlor/froxlor (Composer) Feb 17, 2023
Code Injection in thorsten/phpmyfaq Critical
CVE-2023-0788 was published for thorsten/phpmyfaq (Composer) Feb 12, 2023
Code Injection in thorsten/phpmyfaq Moderate
CVE-2023-0792 was published for thorsten/phpmyfaq (Composer) Feb 12, 2023
froxlor is vulnerable to privilege escalation from customer to root via directory-options High
CVE-2023-0671 was published for froxlor/froxlor (Composer) Feb 4, 2023
Command injection in yiisoft/yii2-gii High
CVE-2020-36655 was published for yiisoft/yii2-gii (Composer) Jan 21, 2023
Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views Critical
CVE-2023-22731 was published for shopware/core (Composer) Jan 17, 2023
XML-RPC for PHP's `Wrapper::buildClientWrapperCode` method allows code injection via malicious `$client` argument Moderate
GHSA-7vcx-v65q-9wpg was published for phpxmlrpc/phpxmlrpc (Composer) Jan 11, 2023
TatianaGarcia94
nterchange Code Injection vulnerability Critical
CVE-2015-10009 was published for nonfiction/nterchange (Composer) Jan 2, 2023
TYPO3 CMS vulnerable to Arbitrary Code Execution via Form Framework High
CVE-2022-23503 was published for typo3/cms (Composer) Dec 13, 2022
Akeneo PIM Community Edition vulnerable to remote php code execution High
CVE-2022-46157 was published for akeneo/pim-community-dev (Composer) Dec 9, 2022
Zenario CMS is vulnerable to Remote Code Execution (RCE). Critical
CVE-2022-44136 was published for tribalsystems/zenario (Composer) Nov 30, 2022
tdunlap607
Badaso vulnerable to Remote Code Execution (RCE) Critical
CVE-2022-41705 was published for badaso/core (Composer) Nov 25, 2022
Froxlor vulnerable to code injection Moderate
CVE-2022-3869 was published for froxlor/froxlor (Composer) Nov 5, 2022
Froxlor vulnerable to Code Injection Moderate
CVE-2022-3721 was published for froxlor/froxlor (Composer) Nov 4, 2022
ProTip! Advisories are also available from the GraphQL API