Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

516 advisories

Loading
phpMyAdmin SQL injection vulnerability Critical
CVE-2020-26935 was published for phpmyadmin/phpmyadmin (Composer) May 24, 2022
Magento 2 Community Edition RCE via Unsafe File Upload Critical
CVE-2020-24407 was published for magento/community-edition (Composer) May 24, 2022
ThinkAdmin insecure unserialize vulnerability Critical
CVE-2020-23653 was published for zoujingli/thinkadmin (Composer) May 24, 2022
AnonySE26
Mautic stored Cross-site Scripting (XSS) Critical
CVE-2020-35128 was published for mautic/core (Composer) May 24, 2022
Magento OS command injection via the WebAPI Critical
CVE-2021-21016 was published for magento/community-edition (Composer) May 24, 2022
Magento OS Command Injection Critical
CVE-2021-21018 was published for magento/community-edition (Composer) May 24, 2022
Magento vulnerable to a file upload restriction bypass Critical
CVE-2021-21014 was published for magento/community-edition (Composer) May 24, 2022
Magento XPath Injection Critical
CVE-2021-21025 was published for magento/community-edition (Composer) May 24, 2022
Magento Blind SQL Injection in the Search module Critical
CVE-2021-21024 was published for magento/community-edition (Composer) May 24, 2022
Magento XML injection in the Widgets module Critical
CVE-2021-21019 was published for magento/community-edition (Composer) May 24, 2022
qcubed SQL injection vulnerability in profile.php via the strQuery parameter Critical
CVE-2020-24913 was published for qcubed/qcubed (Composer) May 24, 2022
qcubed PHP object injection Critical
CVE-2020-24914 was published for qcubed/qcubed (Composer) May 24, 2022
ShopXO RCE Vulnerability Critical
CVE-2021-27817 was published for shopxo/shopxo (Composer) May 24, 2022
Drupal Core Access bypass vulnerability Critical
CVE-2020-13665 was published for drupal/core (Composer) May 24, 2022
Moodle command execution vulnerability exists in the default legacy spellchecker plugin Critical
CVE-2021-21809 was published for moodle/moodle (Composer) May 24, 2022
NukeViet SQL Injection vulnerability via topicsid parameter Critical
CVE-2020-21808 was published for nukeviet/nukeviet (Composer) May 24, 2022
NukeViet SQL Injection vulnerability Critical
CVE-2020-21809 was published for nukeviet/nukeviet (Composer) May 24, 2022
Froxlor SQL injection vulnerability Critical
CVE-2021-42325 was published for froxlor/froxlor (Composer) May 24, 2022
Dolibarr remote PHP code execution Critical
CVE-2021-33816 was published for dolibarr/dolibarr (Composer) May 24, 2022
Magento 2 Community Edition SQLi Vulnerability Critical
CVE-2019-7139 was published for magento/community-edition (Composer) May 24, 2022
Magento Broken authentication and session managememt Critical
CVE-2019-8149 was published for magento/community-edition (Composer) May 24, 2022
Mautic stored Cross-site Scripting (XSS) Critical
CVE-2020-35129 was published for mautic/core (Composer) May 24, 2022
Cross-site Scripting vulnerability in Mautic's tracking pixel functionality Critical
CVE-2022-25772 was published for mautic/core (Composer) May 25, 2022
mollux
Login timing attack in ezsystems/ezplatform-kernel Critical
GHSA-342c-vcff-2ff2 was published for ezsystems/ezplatform-kernel (Composer) Jun 2, 2022
Login timing attack in ezsystems/ezpublish-kernel Critical
GHSA-xfqg-p48g-hh94 was published for ezsystems/ezpublish-kernel (Composer) Jun 2, 2022
tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database