GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,869
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,119
NuGet: 735
pip: 3,941
Pub: 12
RubyGems: 945
Rust: 1,018
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
1,291 advisories
Dolibarr arbitrary commands execution
High. CVE-2018-10092 was published for dolibarr/dolibarr (Composer) on May 13, 2022

Moodle calculated question type allows remote code execution by Question authors
High. CVE-2018-1133 was published for moodle/moodle (Composer) on May 13, 2022

SEOmatic plugin for Craft CMS SSTI Vulnerability
High. CVE-2018-14716 was published for nystudio107/craft-seomatic (Composer) on May 13, 2022

Joomla RCE Vulnerability
High. CVE-2018-17856 was published for joomla/framework (Composer) on May 13, 2022

RCE in baserCMS before 4.1.4
High. CVE-2018-18942 was published for baserproject/basercms (Composer) on May 13, 2022

Craft CMS PHP Code Injection Vulnerability
High. CVE-2018-3814 was published for craftcms/cms (Composer) on May 13, 2022

WPGlobus plugin Stored XSS & CSRF security vulnerability
High. CVE-2018-5361 was published for wpglobus/wpglobus (Composer) on May 13, 2022

Yii Framework reflected Cross-site Scripting
High. CVE-2018-6010 was published for yiisoft/yii2 (Composer) on May 13, 2022

Drupal Core Remote Code Execution Vulnerability
High. CVE-2019-6340 was published for drupal/core (Composer) on May 13, 2022

October CMS Local File Inclusion
High. CVE-2018-1999009 was published for october/october (Composer) on May 13, 2022

October CMS PHP Code Execution
High. CVE-2017-1000119 was published for october/cms (Composer) on May 13, 2022

Pimcore Unserialize Remote Code Execution
High. CVE-2019-10867 was published for pimcore/pimcore (Composer) on May 13, 2022

SQL Injection in Zenario 7.1-7.6
High. CVE-2018-5960 was published for tribalsystems/zenario (Composer) on May 13, 2022

CSRF in baserCMS 3.0.10 and earlier
High. CVE-2016-4879 was published for baserproject/basercms (Composer) on May 13, 2022

PEAR core file overwrite vulnerability
High. CVE-2017-5630 was published for pear/pear (Composer) on May 13, 2022

The Direct Mail (direct_mail) TYPO3 extension improperly discloses sensitive information
High. CVE-2013-7400 was published for directmailteam/direct-mail (Composer) on May 13, 2022

Moodle Improper Authentication
High. CVE-2018-1082 was published for moodle/moodle (Composer) on May 13, 2022

Moodle Login CSRF vulnerability in login form
High. CVE-2018-16854 was published for moodle/moodle (Composer) on May 13, 2022

Moodle XML import of ddwtos could lead to intentional remote code execution
High. CVE-2018-14630 was published for moodle/moodle (Composer) on May 13, 2022

Drupal REST API can bypass comment approval
High. CVE-2017-6924 was published for drupal/core (Composer) on May 13, 2022

Sensitive Cookie Without HttpOnly and Secure Flag
High. CVE-2017-1000046 was published for mautic/core (Composer) on May 13, 2022

Arbitrary file delete in baserCMS
High. CVE-2017-10843 was published for baserproject/basercms (Composer) on May 13, 2022

Contao Core directory traversal vulnerability
High. CVE-2017-10993 was published for contao/contao (Composer) on May 13, 2022

GeniXCMS arbitrary PHP code execution
High. CVE-2017-14763 was published for genix/cms (Composer) on May 13, 2022

ProTip! Advisories are also available from the GraphQL API.