Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,866
Erlang
36
GitHub Actions
36
Go
2,491
Maven
5,000+
npm
4,111
NuGet
735
pip
3,933
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

515 advisories

Loading
himiklab yii2-jqgrid-widget vulnerable to SQL Injection Critical
CVE-2014-125051 was published for himiklab/yii2-jqgrid-widget (Composer) Jan 6, 2023
kelvinmo simplexrd vulnerable to Improper Restriction of XML External Entity Reference Critical
CVE-2015-10029 was published for kelvinmo/simplexrd (Composer) Jan 7, 2023
PaginationServiceProvider SQL Injection vulnerability Critical
CVE-2014-125029 was published for ttskch/pagination-service-provider (Composer) Jan 8, 2023
WebPA SQL Injection vulnerability Critical
CVE-2021-4308 was published for webpa/webpa (Composer) Jan 8, 2023
phpMyFAQ Improper Authentication vulnerability Critical
CVE-2023-0311 was published for thorsten/phpmyfaq (Composer) Jan 16, 2023
SQL Injection in liftkit/database Critical
CVE-2016-15020 was published for liftkit/database (Composer) Jan 16, 2023
Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views Critical
CVE-2023-22731 was published for shopware/core (Composer) Jan 17, 2023
CakePHP Database\\Query::offset() and limit() methods are vulnerable to SQL injection Critical
CVE-2023-22727 was published for cakephp/cakephp (Composer) Jan 20, 2023
ravage84
XpressEngine vulnerable to Unrestricted Upload of File with Dangerous Type Critical
CVE-2021-26642 was published for xpressengine/xpressengine (Composer) Jan 20, 2023
phpmyadmin contains SQL Injection vulnerability Critical
CVE-2020-22452 was published for phpmyadmin/phpmyadmin (Composer) Jan 26, 2023
Dompdf vulnerable to URI validation failure on SVG parsing Critical
CVE-2023-23924 was published for dompdf/dompdf (Composer) Feb 1, 2023
Blaklis
AVideo contains Command injection when embedding a video link Critical
CVE-2023-25313 was published for wwbn/avideo (Composer) Feb 2, 2023
gonzxph
tinymighty WikiSEO is vulnerable to cross-site scripting via modifyHTML function Critical
CVE-2015-10073 was published for tinymighty/wiki-seo (Composer) Feb 6, 2023
URI validation failure on SVG parsing. Bypass of CVE-2023-23924 Critical
CVE-2023-24813 was published for dompdf/dompdf (Composer) Feb 7, 2023
Ry0taK
Deserialization of Untrusted Data in thinkphp Critical
CVE-2022-45982 was published for topthink/think (Composer) Feb 8, 2023
SQL injection in webbuilders-group silverstripe-kapost-bridge Critical
CVE-2015-10077 was published for webbuilders-group/silverstripe-kapost-bridge (Composer) Feb 10, 2023
Command Injection in thorsten/phpmyfaq Critical
CVE-2023-0789 was published for thorsten/phpmyfaq (Composer) Feb 12, 2023
Code Injection in thorsten/phpmyfaq Critical
CVE-2023-0788 was published for thorsten/phpmyfaq (Composer) Feb 12, 2023
Cross-site Scripting in kimai/kimai Critical
CVE-2020-19825 was published for kimai/kimai (Composer) Feb 16, 2023
Moodle Session Fixation vulnerability Critical
CVE-2021-36394 was published for moodle/moodle (Composer) Mar 6, 2023
Moodle SQL Injection vulnerability Critical
CVE-2021-36393 was published for moodle/moodle (Composer) Mar 6, 2023
Moodle SQL Injection vulnerability Critical
CVE-2021-36392 was published for moodle/moodle (Composer) Mar 6, 2023
Remote code execution in Funadmin Critical
CVE-2023-24776 was published for funadmin/funadmin (Composer) Mar 6, 2023
SQL Injection in Funadmin Critical
CVE-2023-24781 was published for funadmin/funadmin (Composer) Mar 7, 2023
SQL Injection in Funadmin Critical
CVE-2023-24775 was published for funadmin/funadmin (Composer) Mar 7, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database