GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,291 advisories

Unrestricted Upload of File with Dangerous Type in WPanel 4 High
CVE-2021-34257 was published for wpanel/wpanel4-cms (Composer) Apr 1, 2022
Automatic named constructor discovery in Valinor High
GHSA-xhr8-mpwq-2rr2 was published for cuyz/valinor (Composer) Apr 1, 2022
Ocramius
Remote code execution in Subrion High
CVE-2021-43464 was published for intelliants/subrion (Composer) Apr 5, 2022
Buffer length underflow in LoginPacket causing unchecked exceptions to be thrown High
GHSA-5jfw-35xp-5m42 was published for pocketmine/bedrock-protocol (Composer) Apr 5, 2022
Cross-site Scripting in TastyIgniter High
CVE-2022-0602 was published for tastyigniter/tastyigniter (Composer) Apr 6, 2022
SQL injection in ImpressCMS High
CVE-2022-26986 was published for impresscms/impresscms (Composer) Apr 6, 2022
Weak password hash in LiveHelperChat High
CVE-2022-1235 was published for remdex/livehelperchat (Composer) Apr 6, 2022
Server side request forgery in LiveHelperChat High
CVE-2022-1213 was published for remdex/livehelperchat (Composer) Apr 6, 2022
Files or Directories Accessible to External Parties in Adminer High
CVE-2021-43008 was published for vrana/adminer (Composer) Apr 6, 2022
HTTP Proxy header vulnerability High
CVE-2016-5385 was published for amphp/artax (Composer) Apr 7, 2022
Improper Neutralization of Formula Elements in a CSV File in Kimai 2 High
CVE-2021-43515 was published for kevinpapst/kimai2 (Composer) Apr 9, 2022
SQL Injection in Pimcore High
CVE-2022-1219 was published for pimcore/pimcore (Composer) Apr 9, 2022
Code Injection in Bolt CMS High
CVE-2021-40219 was published for bolt/core (Composer) Apr 12, 2022
Persistent Cross-site Scripting vulnerability in PrivateBin High
CVE-2022-24833 was published for privatebin/privatebin (Composer) Apr 12, 2022
SQL Injection in Pimcore High
CVE-2022-1339 was published for pimcore/pimcore (Composer) Apr 14, 2022
MantisBT CSV Injection unprivileged user access in csv_export.php High
CVE-2021-43257 was published for mantisbt/mantisbt (Composer) Apr 15, 2022
MantisBT Insufficient Session Expiration cookie string not reset after logout High
CVE-2009-20001 was published for mantisbt/mantisbt (Composer) Apr 21, 2022
TYPO3 Arbitrary Code Execution vulnerability on the backend High
CVE-2010-3663 was published for typo3/cms-backend (Composer) Apr 21, 2022
TYPO3 SQL injection vulnerability on the backend High
CVE-2010-3662 was published for typo3/cms-backend (Composer) Apr 21, 2022
simpleSAMLphp incorrectly handles XML encryption High
CVE-2011-4625 was published for simplesamlphp/simplesamlphp (Composer) Apr 22, 2022
Missing input validation can lead to command execution in composer High
CVE-2022-24828 was published for composer/composer (Composer) Apr 22, 2022
thomas-chauchefoin-sonarsource
Insufficient type validation in pocketmine/pocketmine-mp High
GHSA-g5rr-p69h-7v3g was published for pocketmine/pocketmine-mp (Composer) Apr 22, 2022
kurt-r2c
Server-Side Request Forgery (SSRF) in Shopware High
CVE-2022-24871 was published for shopware/core (Composer) Apr 22, 2022
shyim
Improper Access Control in Shopware High
CVE-2022-24872 was published for shopware/core (Composer) Apr 22, 2022
NilsEvers
SQL Injection found in Pimcore High
CVE-2022-1429 was published for pimcore/pimcore (Composer) Apr 23, 2022