GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,680
Maven: 5,000+
npm: 4,300
NuGet: 760
pip: 4,078
Pub: 12
RubyGems: 958
Rust: 1,061
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
530 advisories
Contao SQL injection in the backend and listing module [Critical]: CVE-2017-16558 was published for contao/contao (Composer), May 24, 2022
LibreNMS arbitrary OS commands execution [Critical]: CVE-2018-20434 was published for librenms/librenms (Composer), May 24, 2022
Incorrect Calculation in moodle [Critical]: CVE-2022-30600 was published for moodle/moodle (Composer), May 19, 2022
SQL injection in moodle [Critical]: CVE-2022-30599 was published for moodle/moodle (Composer), May 19, 2022
Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability [Critical]: CVE-2014-4172 was published for DotNetCasClient (Composer), May 17, 2022
Apache Solr for TYPO3 (solr) extension is vulnerable to Insecure Unserialize [Critical]: CVE-2013-6288 was published for apache-solr-for-typo3/solr (Composer), May 17, 2022
TYPO3 vulnerable to authentication bypass via leveraging knowledge of password hash [Critical]: CVE-2014-3945 was published for typo3/cms (Composer), May 17, 2022
Zend Framework SQL injection vector using null byte for PDO [Critical]: CVE-2015-7695 was published for zendframework/zendframework1 (Composer), May 17, 2022
Froxlor guessable password reset token [Critical]: CVE-2016-5100 was published for froxlor/froxlor (Composer), May 17, 2022
CodeIgniter arbitrary code execution [Critical]: CVE-2016-10131 was published for bcit-ci/codeigniter (Composer), May 17, 2022
TeamPass vulnerable to SQL Injection [Critical]: CVE-2015-7564 was published for nilsteampassnet/teampass (Composer), May 17, 2022
GeniXCMS Arbitrary User Password Reset Vulnerability [Critical]: CVE-2017-8827 was published for genix/cms (Composer), May 17, 2022
Dolibarr ERP and CRM Insecure Encryption [Critical]: CVE-2017-7888 was published for dolibarr/dolibarr (Composer), May 17, 2022
Dolibarr SQL Injection in doli/theme/eldy/style.css.php via the lang parameter [Critical]: CVE-2017-7886 was published for dolibarr/dolibarr (Composer), May 17, 2022
Dolibarr ERP and CRM SQLi [Critical]: CVE-2017-9435 was published for dolibarr/dolibarr (Composer), May 17, 2022
TeamPass SQL injection in users.queries.php [Critical]: CVE-2017-9436 was published for nilsteampassnet/teampass (Composer), May 17, 2022
phpMyAdmin Code Injection vulnerability [Critical]: CVE-2016-5734 was published for phpmyadmin/phpmyadmin (Composer), May 17, 2022
phpMyAdmin Authentication Bypass [Critical]: CVE-2016-6629 was published for phpmyadmin/phpmyadmin (Composer), May 17, 2022
ADOdb Library SQL Injection [Critical]: CVE-2016-7405 was published for adodb/adodb-php (Composer), May 17, 2022
phpMyAdmin CSRF Vulnerability [Critical]: CVE-2016-9866 was published for phpmyadmin/phpmyadmin (Composer), May 17, 2022
Moodle SQL injection via user preferences [Critical]: CVE-2017-2641 was published for moodle/moodle (Composer), May 17, 2022
Dolibarr SQL injection vulnerability in don/list.php [Critical]: CVE-2017-14242 was published for dolibarr/dolibarr (Composer), May 17, 2022
Dolibarr SQL injection vulnerability in admin/menus/edit.php [Critical]: CVE-2017-14238 was published for dolibarr/dolibarr (Composer), May 17, 2022
CodeIgniter and Kohana vulnerable to PHP Object Injection [Critical]: CVE-2014-8684 was published for codeigniter/framework (Composer), May 17, 2022
Swift Mailer mail transport Command Injection [Critical]: CVE-2016-10074 was published for swiftmailer/swiftmailer (Composer), May 17, 2022
ProTip! Advisories are also available from the GraphQL API.