GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,698
Maven: 5,000+
npm: 4,325
NuGet: 761
pip: 4,099
Pub: 12
RubyGems: 958
Rust: 1,063
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
1,342 advisories
Improper file handling in concrete5/core (High): CVE-2021-22968 was published for concrete5/core (Composer), Nov 23, 2021
Deserialization of Untrusted Data in Archive_Tar (High): CVE-2020-28948 was published for pear/archive_tar (Composer), Apr 22, 2021
OS Command Injection in baserCMS (High): CVE-2021-20682 was published for baserproject/basercms (Composer), Jun 8, 2021
XXE Vulnerability in XMLBundle 0.1.7 (High): CVE-2017-1000477 was published for desperado/xml-bundle (Composer), May 14, 2022
Weak Cryptography in PHP-Proxy (High): CVE-2018-19784 was published for athlon1600/php-proxy (Composer), May 13, 2022
Plaintext Storage of Sensitive Information in Laravel Log Viewer before v0.13.0 (High): CVE-2018-8947 was published for rap2hpoutre/laravel-log-viewer (Composer), May 13, 2022
Code Injection in baserCMS (High): CVE-2017-10844 was published for baserproject/basercms (Composer), May 14, 2022
Unrestricted File Upload vulnerability in Firefly III (High): CVE-2021-3846 was published for grumpydictator/firefly-iii (Composer), May 24, 2022
Authenticated RCE in Zen Cart 1.5.5e (High): CVE-2017-11675 was published for zencart/zencart (Composer), May 17, 2022
Zenario CMS vulnerable to CSRF (High): CVE-2018-18420 was published for tribalsystems/zenario (Composer), May 14, 2022
LFI in PHP-Proxy 5.1.0 (High): CVE-2018-19246 was published for athlon1600/php-proxy (Composer), May 14, 2022
Archive_Tar contains Potential RCE if filename starts with phar:// (High): CVE-2018-1000888 was published for pear/archive_tar (Composer), Jul 7, 2023
Feehi CMS arbitrary file upload vulnerability (High): CVE-2020-22643 was published for feehi/cms (Composer), May 24, 2022
Zen Cart vulnerable to authenticated remote code execution (High): CVE-2021-3291 was published for zencart/zencart (Composer), May 24, 2022
baserCMS vulnerable to Access Control Bypass (High): CVE-2018-0572 was published for baserproject/basercms (Composer), May 13, 2022
Unauthenticated File Read in PHP Proxy (High): CVE-2018-19458 was published for athlon1600/php-proxy-app (Composer), May 14, 2022
Arbitrary file delete in baserCMS (High): CVE-2017-10843 was published for baserproject/basercms (Composer), May 13, 2022
CSRF in baserCMS 3.0.10 and earlier (High): CVE-2016-4879 was published for baserproject/basercms (Composer), May 13, 2022
CSRF in baserCMS 3.0.10 and earlier (High): CVE-2016-4881 was published for baserproject/basercms (Composer), May 17, 2022
SQL Injection in Zenario 7.1-7.6 (High): CVE-2018-5960 was published for tribalsystems/zenario (Composer), May 13, 2022
PEAR core file overwrite vulnerability (High): CVE-2017-5630 was published for pear/pear (Composer), May 13, 2022
baserCMS Cross Site Request Forgery vulnerability (High): CVE-2016-4878 was published for baserproject/basercms (Composer), May 17, 2022
Lavalite vulnerable to Arbitrary File Read via Directory Traversal (High): CVE-2022-42188 was published for lavalite/cms (Composer), Oct 19, 2022
phpCAS vulnerable to Service Hostname Discovery Exploitation (High): CVE-2022-39369 was published for apereo/phpcas (Composer), Nov 1, 2022
SSRF in Kitodo.Presentation (High): CVE-2022-24980 was published for kitodo/presentation (Composer), Feb 20, 2022
ProTip! Advisories are also available from the GraphQL API