Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

516 advisories

Loading
PHPMemcachedAdmin Path Traversal vulnerability Critical
CVE-2023-6026 was published for elijaa/phpmemcacheadmin (Composer) Nov 30, 2023
Cache poisoning in drupal/core Critical
CVE-2023-5256 was published for drupal/core (Composer) Sep 28, 2023
westonsteimel
Craft CMS Remote Code Execution vulnerability Critical
CVE-2023-41892 was published for craftcms/cms (Composer) Sep 13, 2023
zonia3000
plotly.js prototype pollution vulnerability Critical
CVE-2023-46308 was published for plotly.js (Composer) Jan 3, 2024
Magento Blind SQL Injection in the Search module Critical
CVE-2021-21024 was published for magento/community-edition (Composer) May 24, 2022
Magento OS Command Injection Critical
CVE-2021-21018 was published for magento/community-edition (Composer) May 24, 2022
elFinder Path Traversal vulnerability Critical
CVE-2018-9109 was published for studio-42/elfinder (Composer) May 13, 2022
elFinder Unrestricted File Upload vulnerability Critical
CVE-2021-43421 was published for studio-42/elfinder (Composer) Apr 8, 2022
Magento deserialization vulnerability Critical
CVE-2020-3716 was published for magento/community-edition (Composer) May 24, 2022
Magento XML injection in the Widgets module Critical
CVE-2021-21019 was published for magento/community-edition (Composer) May 24, 2022
Magento security bypass vulnerability Critical
CVE-2020-3718 was published for magento/community-edition (Composer) May 24, 2022
Magento php object injection vulnerability Critical
CVE-2020-9664 was published for magento/core (Composer) May 24, 2022
Magento Security mitigation bypass vulnerability Critical
CVE-2020-9579 was published for magento/community-edition (Composer) May 24, 2022
Magento improper input validation vulnerability Critical
CVE-2022-24086 was published for magento/community-edition (Composer) Feb 17, 2022
Magento XML Injection vulnerability in the Widgets Module Critical
CVE-2022-34253 was published for magento/community-edition (Composer) Aug 17, 2022
Typo3 Authentication Bypass Critical
CVE-2011-4628 was published for typo3/cms (Composer) Apr 22, 2022
Typo3 SQL injection due to faulty prepared statements Critical
CVE-2011-3583 was published for typo3/cms (Composer) Apr 22, 2022
Smarty3 Arbitrary PHP Code Execution Critical
CVE-2011-1028 was published for smarty/smarty (Composer) Apr 22, 2022
WWBN AVideo Insufficient Entropy vulnerbaility Critical
CVE-2023-49599 was published for wwbn/avideo (Composer) Jan 10, 2024
ImpressPages CMS RCE Critical
CVE-2011-4943 was published for impresspages/impresspages (Composer) Apr 22, 2022
Blind SQL injection in shopware Critical
CVE-2024-22406 was published for shopware/core (Composer) Jan 17, 2024
Remote CLI Command Execution Vulnerability in CodeIgniter4 Critical
CVE-2022-24711 was published for codeigniter4/framework (Composer) Mar 1, 2022
iRedds
Symfony Unsafe Cache Serialization Could Enable RCE Critical
CVE-2019-18889 was published for symfony/cache (Composer) Dec 2, 2019
Craft CMS possibility of brute force attempts Critical
CVE-2019-15929 was published for craftcms/cms (Composer) May 24, 2022
Server-Side Request Forgery (SSRF) in rudloff/alltube Critical
CVE-2022-0768 was published for rudloff/alltube (Composer) Mar 1, 2022
416e6e61
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database