Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,651
Maven
5,000+
npm
4,279
NuGet
760
pip
4,066
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

530 advisories

Loading
Potential Remote Code Execution in TYPO3 with mediace extension Critical
CVE-2020-15086 was published for friendsoftypo3/mediace (Composer) Jul 29, 2020
ohader
Credited to ohader
TCPDF vulnerable to attackers triggering deserialization of arbitrary data Critical
CVE-2018-17057 was published for fooman/tcpdf (Composer) Oct 6, 2022
Drupal Improper Access Control Critical
CVE-2019-6342 was published for drupal/core (Composer) Jan 11, 2024
XSS vulnerability leveraged through referrers could allow un-authorized admin access in Mautic Critical
CVE-2020-35124 was published for mautic/core (Composer) Jan 19, 2021
nvn1729
Credited to nvn1729
Path manipulation in matyhtf/framework Critical
CVE-2021-43676 was published for matyhtf/framework (Composer) Dec 4, 2021
Rudloff
Credited to Rudloff
PharStreamWrapper for Typo3 unsafe deserialization vulnerability Critical
CVE-2019-11830 was published for typo3/phar-stream-wrapper (Composer) May 24, 2022
Yii2 allows attackers to execute any local .php file via a relative path in the view parameter Critical
CVE-2015-5467 was published for yiisoft/yii2 (Composer) Sep 21, 2023
Directory Traversal in typo3/phar-stream-wrapper Critical
CVE-2019-11831 was published for drupal/core (Composer) Sep 30, 2021
Remote code injection in dompdf/dompdf Critical
CVE-2022-28368 was published for dompdf/dompdf (Composer) Apr 4, 2022
DBAL 3 SQL Injection Security Vulnerability Critical
CVE-2021-43608 was published for doctrine/dbal (Composer) Nov 16, 2021
Arbitrary PHP code execution in Drupal Critical
CVE-2019-6339 was published for drupal/core (Composer) Jan 6, 2022
Time-of-check Time-of-use (TOCTOU) Race Condition in league/flysystem Critical
CVE-2021-32708 was published for league/flysystem (Composer) Jun 29, 2021
stevenseeley
Credited to stevenseeley
elFinder command injection vulnerability in the PHP connector Critical
CVE-2019-9194 was published for studio-42/elfinder (Composer) May 13, 2022
Remote Code Execution in SyliusResourceBundle Critical
CVE-2020-15146 was published for sylius/resource-bundle (Composer) Aug 19, 2020
isometriks tdunlap607
Credited to isometriks and tdunlap607
Object injection in PHPMailer/PHPMailer Critical
CVE-2020-36326 was published for phpmailer/phpmailer (Composer) May 4, 2021
Silverstripe Framework SQLi Vulnerability Critical
CVE-2019-5715 was published for silverstripe/framework (Composer) May 14, 2022
Shopware RCE Vulnerability Critical
CVE-2016-3109 was published for shopware/shopware (Composer) May 14, 2022
Incorrect persistent NameID generation in SimpleSAMLphp Critical
CVE-2017-12873 was published for simplesamlphp/simplesamlphp (Composer) Jan 24, 2020
PHP Code Injection by malicious function name in smarty Critical
CVE-2021-26120 was published for smarty/smarty (Composer) Feb 26, 2021
stevenseeley
Credited to stevenseeley
Improper Certificate Validation in WP-CLI framework Critical
CVE-2021-29504 was published for wp-cli/wp-cli (Composer) May 19, 2021
WhiteWinterWolf
Credited to WhiteWinterWolf
Zend Framework Allows SQL Injection Critical
CVE-2016-6233 was published for zendframework/zendframework (Composer) May 14, 2022
Zend Framework Allows SQL Injection Critical
CVE-2015-0270 was published for zendframework/zend-db (Composer) May 24, 2022
Symfony Authentication Bypass Critical
CVE-2016-2403 was published for symfony/security (Composer) May 14, 2022
Symfony Incorrect Access Control Critical
CVE-2017-11365 was published for symfony/security (Composer) May 24, 2022
Magento 2 Community Edition SQLi Vulnerability Critical
CVE-2019-7139 was published for magento/community-edition (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database