
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

515 advisories

Duplicate Advisory: AVideo contains Command injection when embedding a video link Critical
GHSA-wj6r-53f5-q789 was published for wwbn/avideo (Composer) Apr 25, 2023 withdrawn
PyroCMS remote code execution vulnerability Critical
CVE-2023-29689 was published for pyrocms/pyrocms (Composer) Aug 4, 2023
Remote Code Execution Vulnerability in Validation Placeholders in CodeIgniter4 Critical
CVE-2023-32692 was published for codeigniter4/framework (Composer) May 22, 2023
funadmin vulnerable to insecure file upload Critical
CVE-2023-36097 was published for funadmin/funadmin (Composer) Jun 22, 2023
SQL filter bypass leading to arbitrary write requests using "SQL Manager" Critical
CVE-2023-30839 was published for prestashop/prestashop (Composer) Apr 25, 2023
truff77
TeamPass Code Injection vulnerability Critical
CVE-2023-3551 was published for nilsteampassnet/teampass (Composer) Jul 8, 2023
AzuraCast missing brute force prevention Critical
CVE-2023-2531 was published for azuracast/azuracast (Composer) May 5, 2023
Liufee CMS File Upload vulnerability Critical
CVE-2020-21174 was published for feehi/cms (Composer) Jun 20, 2023
Liufee CMS File Upload vulnerability Critical
CVE-2020-21489 was published for feehi/cms (Composer) Jun 20, 2023
Orchid Deserialization of Untrusted Data vulnerability leads to Remote Code Execution Critical
CVE-2023-36825 was published for orchid/platform (Composer) Jul 11, 2023
catferq
php-imap vulnerable to RCE through a directory traversal vulnerability Critical
CVE-2023-35169 was published for webklex/laravel-imap (Composer) Jun 21, 2023
angelej
TeamPass vulnerable to stored Cross-site Scripting Critical
CVE-2023-3086 was published for nilsteampassnet/teampass (Composer) Jun 3, 2023
Froxlor vulnerable to Improper Encoding or Escaping of Output Critical
CVE-2023-3668 was published for froxlor/froxlor (Composer) Jul 14, 2023
phpMyFAQ Cross-site Scripting vulnerability Critical
CVE-2023-5316 was published for thorsten/phpmyfaq (Composer) Sep 30, 2023
phpMyFAQ Cross-site Scripting vulnerability Critical
CVE-2023-5320 was published for thorsten/phpmyfaq (Composer) Sep 30, 2023
Snappy PHAR deserialization vulnerability Critical
CVE-2023-41330 was published for knplabs/knp-snappy (Composer) Sep 8, 2023
Froxlor vulnerable to Improper Restriction of Excessive Authentication Attempts Critical
CVE-2023-3173 was published for froxlor/froxlor (Composer) Jun 9, 2023
Grav Server Side Template Injection (SSTI) vulnerability Critical
CVE-2023-34251 was published for getgrav/grav (Composer) Jun 16, 2023
scgajge12
Cachet vulnerable to Authenticated Remote Code Execution Critical
CVE-2023-43661 was published for cachethq/cachet (Composer) Oct 16, 2023
rive-n
Cross Site Scripting vulnerability in Dolibarr ERP CRM Critical
CVE-2023-38888 was published for dolibarr/dolibarr (Composer) Sep 20, 2023
JSON response for search reveals Solr credentials Critical
GHSA-7crc-r3wg-cfgf was published for ezsystems/ezplatform-solr-search-engine (Composer) Nov 3, 2023
JSON response for search reveals Solr credentials Critical
GHSA-v6xp-ccvx-w52m was published for ibexa/solr (Composer) Nov 3, 2023
phpMyAdmin CSRF Vulnerability Critical
CVE-2016-9866 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Zend Framework Allows SQL Injection Critical
CVE-2016-4861 was published for zendframework/zendframework (Composer) May 14, 2022
nterchange Code Injection vulnerability Critical
CVE-2015-10009 was published for nonfiction/nterchange (Composer) Jan 2, 2023