Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

44 advisories

Loading
Improper Encoding or Escaping of Output and Injection in LibreNMS High
CVE-2019-12463 was published for librenms/librenms (Composer) Oct 11, 2019
Remote code execution in turn extension for TYPO3 High
CVE-2020-15515 was published for marcwillmann/turn (Composer) Jul 29, 2020
Remote Code Execution in SyliusResourceBundle High
CVE-2020-15143 was published for sylius/resource-bundle (Composer) Aug 19, 2020
isometriks tdunlap607
Potential Remote Code Execution vulnerability High
CVE-2020-15227 was published for nette/application (Composer) Oct 2, 2020
Edit template, Remote Code Execution (RCE) Vulnerability in Latest Release 4.4.0 High
CVE-2020-15277 was published for baserproject/basercms (Composer) Oct 30, 2020
Aquilao
RCE via PHP Object injection via SOAP Requests High
CVE-2020-15244 was published for openmage/magento-lts (Composer) Oct 30, 2020
convenient
Query Binding Exploitation High
CVE-2021-21263 was published for illuminate/database (Composer) Jan 19, 2021
Unexpected database bindings High
GHSA-x7p5-p2c9-phvg was published for illuminate/database (Composer) Feb 2, 2021
Multiple vulnerabilities through filename manipulation in Archive_Tar High
CVE-2020-28949 was published for pear/archive_tar (Composer) Apr 22, 2021
PHPMailer untrusted code may be run from an overridden address validator High
CVE-2021-3603 was published for phpmailer/phpmailer (Composer) Jun 22, 2021
0xcrypto
CSV injection in Craft CMS High
GHSA-xrpj-f9v6-2332 was published for craftcms/cms (Composer) Oct 4, 2021 withdrawn
Insecure Inherited Permissions in neoan3-apps/template High
CVE-2021-41170 was published for neoan3-apps/template (Composer) Nov 10, 2021
Injection in UserFrosting High
CVE-2021-25994 was published for userfrosting/userfrosting (Composer) Jan 6, 2022
Sandbox Escape by math function in smarty High
CVE-2021-29454 was published for smarty/smarty (Composer) Jan 12, 2022
October/System authenticated file write leads to remote code execution High
CVE-2021-32649 was published for october/system (Composer) Jan 14, 2022
cydave
october/system arbitrary code execution High
CVE-2021-32650 was published for october/system (Composer) Jan 14, 2022
sushiwushi
Code injection in Twig High
CVE-2022-23614 was published for twig/twig (Composer) Feb 10, 2022
Authenticated remote code execution in October CMS High
CVE-2022-21705 was published for october/system (Composer) Feb 23, 2022
cydave
Command injection in czproject/git-php High
CVE-2022-25866 was published for czproject/git-php (Composer) Apr 26, 2022
snipe-IT vulnerable to host header injection High
CVE-2022-23064 was published for snipe/snipe-it (Composer) May 3, 2022
PEAR core file overwrite vulnerability High
CVE-2017-5630 was published for pear/pear (Composer) May 13, 2022
Twig remote code execution in templates High
CVE-2015-7809 was published for twig/twig (Composer) May 14, 2022
SimpleSAMLphp SAML2 library Regular Expression Denial of Service vulnerability High
CVE-2018-6519 was published for simplesamlphp/saml2 (Composer) May 14, 2022
Joomla! Framework Remote Code Injection Vulnerability High
CVE-2015-8566 was published for joomla/session (Composer) May 17, 2022
SEOmatic for CraftCMS allows Server-Side Template Injection High
CVE-2020-12790 was published for nystudio107/craft-seomatic (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API