GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
530 advisories
qcubed SQL injection vulnerability in profile.php via the strQuery parameter
Critical. CVE-2020-24913 was published for qcubed/qcubed (Composer) on May 24, 2022.

Knock Knock plugin IP Whitelist bypass via an X-Forwarded-For HTTP header
Critical. CVE-2020-13485 was published for verbb/knock-knock (Composer) on May 24, 2022.

phpMyAdmin unsanitized Git information
Critical. CVE-2019-19617 was published for phpmyadmin/phpmyadmin (Composer) on May 24, 2022.

Moodle command execution vulnerability exists in the default legacy spellchecker plugin
Critical. CVE-2021-21809 was published for moodle/moodle (Composer) on May 24, 2022.

phpMyAdmin SQL injection in Designer feature
Critical. CVE-2019-11768 was published for phpmyadmin/phpmyadmin (Composer) on May 24, 2022.

phpMyAdmin SQL injection vulnerability
Critical. CVE-2020-26935 was published for phpmyadmin/phpmyadmin (Composer) on May 24, 2022.

Moodle Minor SQL injection risk in admin user browsing
Critical. CVE-2022-40315 was published for moodle/moodle (Composer) on Oct 1, 2022.

Moodle remote code execution
Critical. CVE-2022-40314 was published for moodle/moodle (Composer) on Oct 1, 2022.

Moodle SQL injection via user preferences
Critical. CVE-2017-2641 was published for moodle/moodle (Composer) on May 17, 2022.

Moodle Blind SSRF Risk in /badges/mybackpack.php
Critical. CVE-2019-3809 was published for moodle/moodle (Composer) on May 13, 2022.

Moodle PostScript Code Injection
Critical. CVE-2022-35649 was published for moodle/moodle (Composer) on Jul 26, 2022.

zend-mail remote code execution via Sendmail adapter
Critical. CVE-2016-10034 was published for zendframework/zend-mail (Composer) on May 14, 2022.

Zend Framework SQL injection vector using null byte for PDO
Critical. CVE-2015-7695 was published for zendframework/zendframework1 (Composer) on May 17, 2022.

Mautic stored Cross-site Scripting (XSS)
Critical. CVE-2020-35128 was published for mautic/core (Composer) on May 24, 2022.

Elefant CMS PHP Code Execution Vulnerability
Critical. CVE-2018-16975 was published for elefant/cms (Composer) on May 13, 2022.

PHPOffice Common Improper Restriction of XML External Entity Reference
Critical. CVE-2018-14065 was published for phpoffice/common (Composer) on May 14, 2022.

phpWhois arbitrary code execution via a crafted whois record
Critical. CVE-2015-5243 was published for brightlocal/phpwhois (Composer) on May 14, 2022.

Zend Framework SQL injection vulnerability
Critical. CVE-2014-8089 was published for zendframework/zend-db (Composer) on Apr 23, 2024.

Drupal Entity access bypass for entities that do not have UUIDs or have protected revisions
Critical. CVE-2017-6925 was published for drupal/core (Composer) on May 13, 2022.

Drupal Core Access bypass vulnerability
Critical. CVE-2020-13665 was published for drupal/core (Composer) on May 24, 2022.

Drupal PECL YAML parser unsafe object handling
Critical. CVE-2017-6920 was published for drupal/core (Composer) on May 14, 2022.

Remote code execution in zendframework and laminas-http
Critical. CVE-2021-3007 was published for laminas/laminas-http (Composer) on Jun 8, 2021.

Moodle's Mustache pix helper contained a potential Mustache injection risk if combined with user input
Critical. CVE-2023-28333 was published for moodle/moodle (Composer) on Mar 23, 2023.

Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability
Critical. CVE-2014-4172 was published for DotNetCasClient (Composer) on May 17, 2022.

Gleez Cms Server Side Request Forgery (SSRF) vulnerability
Critical. CVE-2021-27312 was published for gleez/cms (Composer) on Apr 3, 2024.

ProTip! Advisories are also available from the GraphQL API.