GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,067
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,624
NuGet
638
pip
3,235
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
161 advisories
Filter by severity
Grav Server Side Template Injection (SSTI) vulnerability
Critical
CVE-2023-34251
was published
for
getgrav/grav
(Composer)
Jun 16, 2023
Withdrawn Advisory: CraftCMS Server-Side Template Injection vulnerability
High
CVE-2023-30179
was published
for
craftcms/cms
(Composer)
Jun 13, 2023
•
withdrawn
Code injection in nilsteampassnet/teampass
High
CVE-2023-2859
was published
for
nilsteampassnet/teampass
(Composer)
May 24, 2023
Remote Code Execution Vulnerability in Validation Placeholders in CodeIgniter4
Critical
CVE-2023-32692
was published
for
codeigniter4/framework
(Composer)
May 22, 2023
CraftCMS allows remote attacker to execute arbitrary code via crafted script to Section parameter
High
CVE-2023-30130
was published
for
craftcms/cms
(Composer)
May 12, 2023
teampass vulnerable to code injection
High
CVE-2023-2591
was published
for
nilsteampassnet/teampass
(Composer)
May 9, 2023
Improper Control of Generation of Code in Twig rendered views
High
CVE-2023-2017
was published
for
shopware/core
(Composer)
Apr 18, 2023
phpMyFAQ Code Injection vulnerability
Moderate
CVE-2023-1761
was published
for
thorsten/phpmyfaq
(Composer)
Mar 31, 2023
Moodle's Mustache pix helper contained a potential Mustache injection risk if combined with user input
Critical
CVE-2023-28333
was published
for
moodle/moodle
(Composer)
Mar 23, 2023
Code Injection in alextselegidis/easyappointments
High
CVE-2023-1367
was published
for
alextselegidis/easyappointments
(Composer)
Mar 13, 2023
Remote code execution in Funadmin
Critical
CVE-2023-24776
was published
for
funadmin/funadmin
(Composer)
Mar 6, 2023
Code Injection in froxlor/froxlor
High
CVE-2023-0877
was published
for
froxlor/froxlor
(Composer)
Feb 17, 2023
Code Injection in thorsten/phpmyfaq
Critical
CVE-2023-0788
was published
for
thorsten/phpmyfaq
(Composer)
Feb 12, 2023
Code Injection in thorsten/phpmyfaq
Moderate
CVE-2023-0792
was published
for
thorsten/phpmyfaq
(Composer)
Feb 12, 2023
froxlor is vulnerable to privilege escalation from customer to root via directory-options
High
CVE-2023-0671
was published
for
froxlor/froxlor
(Composer)
Feb 4, 2023
Command injection in yiisoft/yii2-gii
High
CVE-2020-36655
was published
for
yiisoft/yii2-gii
(Composer)
Jan 21, 2023
Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views
Critical
CVE-2023-22731
was published
for
shopware/core
(Composer)
Jan 17, 2023
XML-RPC for PHP's `Wrapper::buildClientWrapperCode` method allows code injection via malicious `$client` argument
Moderate
GHSA-7vcx-v65q-9wpg
was published
for
phpxmlrpc/phpxmlrpc
(Composer)
Jan 11, 2023
nterchange Code Injection vulnerability
Critical
CVE-2015-10009
was published
for
nonfiction/nterchange
(Composer)
Jan 2, 2023
TYPO3 CMS vulnerable to Arbitrary Code Execution via Form Framework
High
CVE-2022-23503
was published
for
typo3/cms
(Composer)
Dec 13, 2022
Akeneo PIM Community Edition vulnerable to remote php code execution
High
CVE-2022-46157
was published
for
akeneo/pim-community-dev
(Composer)
Dec 9, 2022
Zenario CMS is vulnerable to Remote Code Execution (RCE).
Critical
CVE-2022-44136
was published
for
tribalsystems/zenario
(Composer)
Nov 30, 2022
Badaso vulnerable to Remote Code Execution (RCE)
Critical
CVE-2022-41705
was published
for
badaso/core
(Composer)
Nov 25, 2022
Froxlor vulnerable to code injection
Moderate
CVE-2022-3869
was published
for
froxlor/froxlor
(Composer)
Nov 5, 2022
Froxlor vulnerable to Code Injection
Moderate
CVE-2022-3721
was published
for
froxlor/froxlor
(Composer)
Nov 4, 2022
ProTip!
Advisories are also available from the
GraphQL API