Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,901
Maven
5,000+
npm
3,631
NuGet
638
pip
3,245
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

22 advisories

Loading
Object injection in cookie driver in phpfastcache Moderate
CVE-2019-16774 was published for phpfastcache/phpfastcache (Composer) Dec 12, 2019
Geolim4
XML-RPC for PHP's `Wrapper::buildClientWrapperCode` method allows code injection via malicious `$client` argument Moderate
GHSA-7vcx-v65q-9wpg was published for phpxmlrpc/phpxmlrpc (Composer) Jan 11, 2023
TatianaGarcia94
Froxlor vulnerable to code injection Moderate
CVE-2022-3869 was published for froxlor/froxlor (Composer) Nov 5, 2022
Microweber vulnerable to HTML Injection in create tag functionality Moderate
CVE-2022-3245 was published for microweber/microweber (Composer) Sep 21, 2022
Froxlor vulnerable to Code Injection Moderate
CVE-2022-3721 was published for froxlor/froxlor (Composer) Nov 4, 2022
Code Injection in thorsten/phpmyfaq Moderate
CVE-2023-0792 was published for thorsten/phpmyfaq (Composer) Feb 12, 2023
phpMyFAQ Code Injection vulnerability Moderate
CVE-2023-1761 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
aruneko
WooCommerce WordPress plugin before 6.6.0 vulnerable to stored HTML injection Moderate
CVE-2022-2099 was published for woocommerce/woocommerce (Composer) Jul 18, 2022
Moodle Authenticated Spelling Binary Remote Code Execution Moderate
CVE-2013-3630 was published for moodle/moodle (Composer) May 13, 2022
baserCMS Code Injection Vulnerability in Mail Form Feature Moderate
CVE-2023-43792 was published for baserproject/basercms (Composer) Oct 26, 2023
Moodle Code Injection vulnerability Moderate
CVE-2023-5539 was published for moodle/moodle (Composer) Nov 9, 2023
LibreNMS Code Injection vulnerability Moderate
CVE-2023-4977 was published for librenms/librenms (Composer) Sep 15, 2023
Moodle Code Injection vulnerability Moderate
CVE-2023-5550 was published for moodle/moodle (Composer) Nov 9, 2023
October CMS safe mode bypass using Page template injection Moderate
CVE-2023-44381 was published for october/system (Composer) Nov 29, 2023
whatev3n
phpMyAdmin remote variable manipulation Moderate
CVE-2011-2505 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
Moodle remote code execution via quiz questions Moderate
CVE-2014-3545 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Dolibarr ERP CRM Code Injection vulnerability during installation Moderate
CVE-2024-29477 was published for dolibarr/dolibarr (Composer) Apr 3, 2024
PHP file inclusion via insert tags Moderate
CVE-2021-37626 was published for contao/contao (Composer) Aug 23, 2021
ausi
Securimage HTML Injection Moderate
CVE-2017-14077 was published for dapphp/securimage (Composer) May 13, 2022
Symfony Vulnerable to PHP Eval Injection Moderate
CVE-2015-2308 was published for symfony/http-kernel (Composer) May 17, 2022
Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads Moderate
GHSA-pqjm-xcp8-wgmm was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
Ez Platform Object Injection in legacy shop module Moderate
GHSA-39j2-4p9j-5w4j was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
ProTip! Advisories are also available from the GraphQL API