GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,067
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,624
NuGet
638
pip
3,235
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
161 advisories
Filter by severity
phpMyAdmin Remote Code Execution
High
CVE-2013-3239
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 17, 2022
Pimcore Vulnerable to PHP Object Injection Attacks
High
CVE-2014-2921
was published
for
pimcore/pimcore
(Composer)
May 17, 2022
Yii PHP Framework arbitrary PHP scripts execution
High
CVE-2014-4672
was published
for
yiisoft/yii
(Composer)
May 17, 2022
Drupal arbitrary code execution
High
CVE-2016-3171
was published
for
drupal/core
(Composer)
May 17, 2022
Slim vulnerable to PHP object injection
High
CVE-2015-2171
was published
for
slim/slim
(Composer)
May 17, 2022
Symfony Vulnerable to PHP Eval Injection
Moderate
CVE-2015-2308
was published
for
symfony/http-kernel
(Composer)
May 17, 2022
phpMyAdmin Remote code execution vulnerability when PHP is running with dbase extension
High
CVE-2016-6633
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 17, 2022
Authenticated RCE in Zen Cart 1.5.5e
High
CVE-2017-11675
was published
for
zencart/zencart
(Composer)
May 17, 2022
Symphony Vulnerable to PHP Code Injection via YAML Parsing
High
CVE-2013-1348
was published
for
symfony/symfony
(Composer)
May 17, 2022
Symfony Arbitrary PHP code Execution
High
CVE-2013-1397
was published
for
symfony/symfony
(Composer)
May 17, 2022
Smarty arbitrary PHP code execution
High
CVE-2014-8350
was published
for
smarty/smarty
(Composer)
May 17, 2022
GeniXCMS arbitrary PHP code execution
High
CVE-2017-14764
was published
for
genix/cms
(Composer)
May 17, 2022
Zeta Components Mail Arbitrary code execution via a crafted email address
High
CVE-2017-15806
was published
for
zetacomponents/mail
(Composer)
May 17, 2022
Smarty PHP code injection
Critical
CVE-2017-1000480
was published
for
smarty/smarty
(Composer)
May 14, 2022
yii2-redis Potential Remote code execution
Critical
CVE-2018-8073
was published
for
yiisoft/yii2-redis
(Composer)
May 14, 2022
Centreon RCE Vulnerability
Critical
CVE-2018-11587
was published
for
centreon/centreon
(Composer)
May 14, 2022
Drupal PECL YAML parser unsafe object handling
Critical
CVE-2017-6920
was published
for
drupal/core
(Composer)
May 14, 2022
phpMyAdmin vulnerable to static code injection
High
CVE-2011-2506
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 14, 2022
phpMyAdmin remote variable manipulation
Moderate
CVE-2011-2505
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 14, 2022
PHPMailer susceptible to arbitrary code execution
High
CVE-2008-5619
was published
for
phpmailer/phpmailer
(Composer)
May 14, 2022
Subrion CMS PHP Object Injection
Critical
CVE-2017-5543
was published
for
intelliants/subrion
(Composer)
May 14, 2022
PrestaShop PHP Object Injection
High
CVE-2018-20717
was published
for
prestashop/prestashop
(Composer)
May 14, 2022
Code Injection in baserCMS
High
CVE-2017-10844
was published
for
baserproject/basercms
(Composer)
May 14, 2022
phpWhois arbitrary code execution via a crafted whois record
Critical
CVE-2015-5243
was published
for
brightlocal/phpwhois
(Composer)
May 14, 2022
MAGMI plugin for Magento Unsafe File Upload
High
CVE-2014-8770
was published
for
dweeves/magmi
(Composer)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API