GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+
516 advisories
Filter by severity
Centreon Privilege Escalation
Critical
CVE-2018-21025
was published
for
centreon/centreon
(Composer)
May 24, 2022
LibreNMS Information Disclosure
Critical
CVE-2019-10665
was published
for
librenms/librenms
(Composer)
May 24, 2022
BEdita vulnerable to SQL injection
Critical
CVE-2019-15570
was published
for
bedita/bedita
(Composer)
May 24, 2022
Spoon Library as used in Fork CMS allows PHP object injection
Critical
CVE-2019-15521
was published
for
spoon/library
(Composer)
May 24, 2022
Wikimedia MediaWiki Incorrect Access Control vulnerability
Critical
CVE-2019-12468
was published
for
mediawiki/core
(Composer)
May 24, 2022
Contao SQL injection in the file manager
Critical
CVE-2019-11512
was published
for
contao/contao
(Composer)
May 24, 2022
CodeIgniter Rest Server XXE Vulnerability
Critical
CVE-2015-3907
was published
for
chriskacerguis/codeigniter-restserver
(Composer)
May 24, 2022
silverstripe restfulserver and registry modules SQL injection vulnerability
Critical
CVE-2019-12149
was published
for
silverstripe/registry
(Composer)
May 24, 2022
phpMyAdmin SQL injection in Designer feature
Critical
CVE-2019-11768
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 24, 2022
Symfony Incorrect Access Control
Critical
CVE-2017-11365
was published
for
symfony/security
(Composer)
May 24, 2022
PharStreamWrapper for Typo3 unsafe deserialization vulnerability
Critical
CVE-2019-11830
was published
for
typo3/phar-stream-wrapper
(Composer)
May 24, 2022
Contao SQL injection in the backend and listing module
Critical
CVE-2017-16558
was published
for
contao/contao
(Composer)
May 24, 2022
LibreNMS arbitrary OS commands execution
Critical
CVE-2018-20434
was published
for
librenms/librenms
(Composer)
May 24, 2022
Incorrect Calculation in moodle
Critical
CVE-2022-30600
was published
for
moodle/moodle
(Composer)
May 19, 2022
SQL injection in moodle
Critical
CVE-2022-30599
was published
for
moodle/moodle
(Composer)
May 19, 2022
Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability
Critical
CVE-2014-4172
was published
for
DotNetCasClient
(Composer)
May 17, 2022
Apache Solr for TYPO3 (solr) extension is vulnerable to Insecure Unserialize
Critical
CVE-2013-6288
was published
for
apache-solr-for-typo3/solr
(Composer)
May 17, 2022
TYPO3 vulnerable to authentication bypass via leveraging knowledge of password hash
Critical
CVE-2014-3945
was published
for
typo3/cms
(Composer)
May 17, 2022
Zend Framework SQL injection vector using null byte for PDO
Critical
CVE-2015-7695
was published
for
zendframework/zendframework1
(Composer)
May 17, 2022
Froxlor guessable password reset token
Critical
CVE-2016-5100
was published
for
froxlor/froxlor
(Composer)
May 17, 2022
CodeIgniter arbitrary code execution
Critical
CVE-2016-10131
was published
for
bcit-ci/codeigniter
(Composer)
May 17, 2022
TeamPass vulnerable to SQL Injection
Critical
CVE-2015-7564
was published
for
nilsteampassnet/teampass
(Composer)
May 17, 2022
GeniXCMS Arbitrary User Password Reset Vulnerability
Critical
CVE-2017-8827
was published
for
genix/cms
(Composer)
May 17, 2022
Dolibarr SQL Injection in doli/theme/eldy/style.css.php via the lang parameter
Critical
CVE-2017-7886
was published
for
dolibarr/dolibarr
(Composer)
May 17, 2022
Dolibarr ERP and CRM Insecure Encryption
Critical
CVE-2017-7888
was published
for
dolibarr/dolibarr
(Composer)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API