GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,655
Maven
5,000+
npm
4,284
NuGet
760
pip
4,067
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+
530 advisories
Filter by severity
Magento OS command injection via the WebAPI
Critical
CVE-2021-21016
was published
for
magento/community-edition
(Composer)
May 24, 2022
Mautic stored Cross-site Scripting (XSS)
Critical
CVE-2020-35128
was published
for
mautic/core
(Composer)
May 24, 2022
ThinkAdmin insecure unserialize vulnerability
Critical
CVE-2020-23653
was published
for
zoujingli/thinkadmin
(Composer)
May 24, 2022
Magento 2 Community Edition RCE via Unsafe File Upload
Critical
CVE-2020-24407
was published
for
magento/community-edition
(Composer)
May 24, 2022
phpMyAdmin SQL injection vulnerability
Critical
CVE-2020-26935
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 24, 2022
Magento DOM-based Cross-site scripting vulnerability
Critical
CVE-2020-9691
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento php object injection vulnerability
Critical
CVE-2020-9664
was published
for
magento/core
(Composer)
May 24, 2022
Magento business logic error vulnerability
Critical
CVE-2020-9630
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento security mitigation bypass vulnerability
Critical
CVE-2020-9632
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento security mitigation bypass vulnerability
Critical
CVE-2020-9631
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento command injection vulnerability
Critical
CVE-2020-9582
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento command injection vulnerability
Critical
CVE-2020-9583
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento Defense-in-depth security mitigation vulnerability
Critical
CVE-2020-9585
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento command injection vulnerability
Critical
CVE-2020-9576
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento Security mitigation bypass vulnerability
Critical
CVE-2020-9580
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento command injection vulnerability
Critical
CVE-2020-9578
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento Security mitigation bypass vulnerability
Critical
CVE-2020-9579
was published
for
magento/community-edition
(Composer)
May 24, 2022
bbPress unauthenticated privilege-escalation
Critical
CVE-2020-13693
was published
for
bbpress/bbpress
(Composer)
May 24, 2022
Knock Knock plugin IP Whitelist bypass via an X-Forwarded-For HTTP header
Critical
CVE-2020-13485
was published
for
verbb/knock-knock
(Composer)
May 24, 2022
Moodle Oauth 2 Insufficiently Protects Against Compromise
Critical
CVE-2019-14880
was published
for
moodle/moodle
(Composer)
May 24, 2022
eZ Publish Kernel and Legacy Unrestricted Upload of File with Dangerous Type
Critical
CVE-2020-10806
was published
for
ezsystems/ezpublish-kernel
(Composer)
May 24, 2022
Dolibarr Cross-site Scripting via the qty parameter in product/fournisseurs.php
Critical
CVE-2019-19212
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
Fat-Free Framework arbitrary code execution
Critical
CVE-2020-5203
was published
for
bcosca/fatfree
(Composer)
May 24, 2022
SEOmatic for CraftCMS allows Server-Side Template Injection
Critical
CVE-2020-9757
was published
for
nystudio107/craft-seomatic
(Composer)
May 24, 2022
Magento deserialization vulnerability
Critical
CVE-2020-3716
was published
for
magento/community-edition
(Composer)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API