Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

161 advisories

Loading
Moodle XML import of ddwtos could lead to intentional remote code execution High
CVE-2018-14630 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle remote code execution via quiz questions Moderate
CVE-2014-3545 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial High
CVE-2021-29472 was published for composer/composer (Composer) Apr 29, 2021
thomas-chauchefoin-sonarsource
Remote CLI Command Execution Vulnerability in CodeIgniter4 Critical
CVE-2022-24711 was published for codeigniter4/framework (Composer) Mar 1, 2022
iRedds
Missing input validation can lead to command execution in composer High
CVE-2022-24828 was published for composer/composer (Composer) Apr 22, 2022
thomas-chauchefoin-sonarsource
phpMyAdmin remote variable manipulation Moderate
CVE-2011-2505 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
phpMyAdmin vulnerable to static code injection High
CVE-2011-2506 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
ImpressPages CMS RCE Critical
CVE-2011-4943 was published for impresspages/impresspages (Composer) Apr 22, 2022
Magento php object injection vulnerability Critical
CVE-2020-9664 was published for magento/core (Composer) May 24, 2022
Magento Remote code execution through catalog attribute sets High
CVE-2019-8231 was published for magento/core (Composer) May 24, 2022
Magento Remote code execution through support/output path modification High
CVE-2019-8230 was published for magento/core (Composer) May 24, 2022
Craft CMS Remote Code Execution vulnerability Critical
CVE-2023-41892 was published for craftcms/cms (Composer) Sep 13, 2023
zonia3000
October CMS safe mode bypass using Twig sandbox escape Critical
CVE-2023-44382 was published for october/system (Composer) Nov 29, 2023
whatev3n
October CMS safe mode bypass using Page template injection Moderate
CVE-2023-44381 was published for october/system (Composer) Nov 29, 2023
whatev3n
Statamic CMS vulnerable to remote code execution via form uploads High
CVE-2023-48217 was published for statamic/cms (Composer) Nov 14, 2023
ahinkle
Moodle Code Injection vulnerability Moderate
CVE-2023-5550 was published for moodle/moodle (Composer) Nov 9, 2023
Moodle Code Injection vulnerability High
CVE-2023-5540 was published for moodle/moodle (Composer) Nov 9, 2023
Subrion remote command execution vulnerability High
CVE-2023-46947 was published for intelliants/subrion (Composer) Nov 3, 2023
LibreNMS Code Injection vulnerability Moderate
CVE-2023-4977 was published for librenms/librenms (Composer) Sep 15, 2023
teampass vulnerable to code injection High
CVE-2023-2591 was published for nilsteampassnet/teampass (Composer) May 9, 2023
Remote Code Execution Vulnerability in Validation Placeholders in CodeIgniter4 Critical
CVE-2023-32692 was published for codeigniter4/framework (Composer) May 22, 2023
TeamPass Code Injection vulnerability Critical
CVE-2023-3551 was published for nilsteampassnet/teampass (Composer) Jul 8, 2023
Moodle Code Injection vulnerability Moderate
CVE-2023-5539 was published for moodle/moodle (Composer) Nov 9, 2023
baserCMS Code Injection Vulnerability in Mail Form Feature Moderate
CVE-2023-43792 was published for baserproject/basercms (Composer) Oct 26, 2023
Command injection in pagekit High
CVE-2023-41005 was published for pagekit/pagekit (Composer) Aug 29, 2023
ProTip! Advisories are also available from the GraphQL API