GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,291 advisories

Moodle backs up private files High
CVE-2012-1156 was published for moodle/moodle (Composer) Apr 23, 2022
Contao core SQL Injection Vulnerability High
CVE-2012-4383 was published for contao/core (Composer) Apr 23, 2022
Command injection in czproject/git-php High
CVE-2022-25866 was published for czproject/git-php (Composer) Apr 26, 2022
Malfunction of CSRF token validation in Shopware High
CVE-2022-24879 was published for shopware/shopware (Composer) Apr 28, 2022
URL Rewrite vulnerability in multiple zendframework components High
GHSA-f6p5-76fp-m248 was published for zendframework/zend-diactoros (Composer) Apr 28, 2022
TYPO3 Reveals Sensitive Information via Direct Request to `misc/phpcheck/` High
CVE-2005-4875 was published for typo3/cms (Composer) May 1, 2022
PEAR::Auth potential authentication bypass vulnerability High
CVE-2006-0868 was published for pear/auth (Composer) May 1, 2022
Joomla! Open Redirect vulnerability High
CVE-2008-3227 was published for joomla/framework (Composer) May 1, 2022
AdaptCMS SQL Injection vulnerability High
CVE-2008-4524 was published for adaptcms/adaptcms (Composer) May 2, 2022
Authentication library in TYPO3 vulnerable to session fixation High
CVE-2009-0256 was published for typo3/cms (Composer) May 2, 2022
Indexed Search Engine for TYPO3 Command Execution via Metacharacter Injection High
CVE-2009-0258 was published for typo3/cms (Composer) May 2, 2022
phpMyAdmin HTTP Response Splitting Vulnerability High
CVE-2009-1149 was published for phpmyadmin/phpmyadmin (Composer) May 2, 2022
Frontend User Registration extension for TYPO3 does not properly verify access rights High
CVE-2009-1264 was published for sjbr/sr-feuser-register (Composer) May 2, 2022
TYPO3 Backend Command Injection via Shell Metacharacters in Uploaded File Name High
CVE-2009-3631 was published for typo3/cms-backend (Composer) May 2, 2022
Accessibility Glossary (a21glossary) SQL injection vulnerability High
CVE-2009-4803 was published for svewap/a21glossary (Composer) May 2, 2022
TYPO3 powermail Extension Vulnerable to SQL Injection via Unspecified Vectors High
CVE-2010-0329 was published for in2code/powermail (Composer) May 2, 2022
TYPO3 Authentication Bypass via Salted user password hashes extension High
CVE-2010-1022 was published for typo3/cms-saltedpasswords (Composer) May 2, 2022 withdrawn
TYPO3 PHP remote file inclusion vulnerability High
CVE-2010-1153 was published for typo3/cms (Composer) May 2, 2022
snipe-IT vulnerable to host header injection High
CVE-2022-23064 was published for snipe/snipe-it (Composer) May 3, 2022
Improper neutralization of formula elements in yii-helpers High
CVE-2022-1544 was published for luyadev/yii-helpers (Composer) May 3, 2022
Symfony collectionCascaded and collectionCascadedDeeply fields security bypass High
CVE-2013-4751 was published for symfony/symfony (Composer) May 5, 2022
Improper account password reset in Craft CMS High
CVE-2022-29933 was published for craftcms/cms (Composer) May 10, 2022
Incorrect Authorization in microweber High
CVE-2022-1631 was published for microweber/microweber (Composer) May 10, 2022
Privilege escalation in easyappointments High
CVE-2022-1397 was published for alextselegidis/easyappointments (Composer) May 11, 2022
Wizkunde SAMLBase SAML Bypass High
CVE-2018-5387 was published for gogentooss/samlbase (Composer) May 13, 2022