GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+
516 advisories
Filter by severity
Pimcore Access Control Issues
Critical
CVE-2019-18981
was published
for
pimcore/pimcore
(Composer)
May 24, 2022
phpMyAdmin unsanitized Git information
Critical
CVE-2019-19617
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 24, 2022
php-shellcommand command injection vulnerability
Critical
CVE-2019-10774
was published
for
mikehaertl/php-shellcommand
(Composer)
May 24, 2022
Dolibarr Improper Restriction of Excessive Authentication Attempts
Critical
CVE-2020-7995
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
Magento security bypass vulnerability
Critical
CVE-2020-3718
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento deserialization vulnerability
Critical
CVE-2020-3716
was published
for
magento/community-edition
(Composer)
May 24, 2022
SEOmatic for CraftCMS allows Server-Side Template Injection
Critical
CVE-2020-9757
was published
for
nystudio107/craft-seomatic
(Composer)
May 24, 2022
Fat-Free Framework arbitrary code execution
Critical
CVE-2020-5203
was published
for
bcosca/fatfree
(Composer)
May 24, 2022
Dolibarr Cross-site Scripting via the qty parameter in product/fournisseurs.php
Critical
CVE-2019-19212
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
eZ Publish Kernel and Legacy Unrestricted Upload of File with Dangerous Type
Critical
CVE-2020-10806
was published
for
ezsystems/ezpublish-kernel
(Composer)
May 24, 2022
Moodle Oauth 2 Insufficiently Protects Against Compromise
Critical
CVE-2019-14880
was published
for
moodle/moodle
(Composer)
May 24, 2022
Knock Knock plugin IP Whitelist bypass via an X-Forwarded-For HTTP header
Critical
CVE-2020-13485
was published
for
verbb/knock-knock
(Composer)
May 24, 2022
bbPress unauthenticated privilege-escalation
Critical
CVE-2020-13693
was published
for
bbpress/bbpress
(Composer)
May 24, 2022
Magento Security mitigation bypass vulnerability
Critical
CVE-2020-9579
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento command injection vulnerability
Critical
CVE-2020-9578
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento command injection vulnerability
Critical
CVE-2020-9576
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento Security mitigation bypass vulnerability
Critical
CVE-2020-9580
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento command injection vulnerability
Critical
CVE-2020-9582
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento command injection vulnerability
Critical
CVE-2020-9583
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento Defense-in-depth security mitigation vulnerability
Critical
CVE-2020-9585
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento security mitigation bypass vulnerability
Critical
CVE-2020-9631
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento security mitigation bypass vulnerability
Critical
CVE-2020-9632
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento business logic error vulnerability
Critical
CVE-2020-9630
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento php object injection vulnerability
Critical
CVE-2020-9664
was published
for
magento/core
(Composer)
May 24, 2022
Magento DOM-based Cross-site scripting vulnerability
Critical
CVE-2020-9691
was published
for
magento/community-edition
(Composer)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API