Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,868
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,116
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

516 advisories

Loading
Froxlor SQL injection vulnerability Critical
CVE-2021-42325 was published for froxlor/froxlor (Composer) May 24, 2022
GeniXCMS Arbitrary User Password Reset Vulnerability Critical
CVE-2017-8827 was published for genix/cms (Composer) May 17, 2022
Akeneo PIM vulnerable to shell injection in the mass edition Critical
CVE-2017-1000009 was published for akeneo/pim-community-dev (Composer) May 13, 2022
SimpleSAMLphp Use of insecure connection charset (sqlauth module) Critical
CVE-2018-6521 was published for simplesamlphp/simplesamlphp (Composer) May 13, 2022
bbPress unauthenticated privilege-escalation Critical
CVE-2020-13693 was published for bbpress/bbpress (Composer) May 24, 2022
Subrion CMS PHP Object Injection Critical
CVE-2017-5543 was published for intelliants/subrion (Composer) May 14, 2022
Symfony Authentication Bypass Critical
CVE-2018-11407 was published for symfony/security (Composer) May 14, 2022
Codiad Vulnerable to Shell Command Injection Critical
CVE-2017-11366 was published for codiad/codiad (Composer) May 13, 2022
Codiad remote code execution vulnerability Critical
CVE-2018-14009 was published for codiad/codiad (Composer) May 13, 2022
BEdita vulnerable to SQL injection Critical
CVE-2019-15570 was published for bedita/bedita (Composer) May 24, 2022
Contao SQL injection in the backend and listing module Critical
CVE-2017-16558 was published for contao/contao (Composer) May 24, 2022
Contao SQL injection in the file manager Critical
CVE-2019-11512 was published for contao/contao (Composer) May 24, 2022
Contao Does Not Expire Tokens Correctly Critical
CVE-2019-10643 was published for contao/contao (Composer) May 13, 2022
Contao Does Not Invalidate Existing Sessions When Password Changes Critical
CVE-2019-10641 was published for contao/contao (Composer) May 14, 2022
Drupal SQL Injection vulnerability Critical
CVE-2011-2715 was published for drupal/core (Composer) Apr 22, 2022
Mautic stored Cross-site Scripting (XSS) Critical
CVE-2020-35129 was published for mautic/core (Composer) May 24, 2022
ThinkPHP SQL Injection vulnerability Critical
CVE-2018-16385 was published for topthink/framework (Composer) May 14, 2022
SimpleSAMLphp Session fixation issue and authentication bypass in the authcrypt module Critical
CVE-2017-12868 was published for simplesamlphp/simplesamlphp (Composer) May 14, 2022
Blind XSS Leading to Froxlor Application Compromise Critical
CVE-2024-34070 was published for froxlor/froxlor (Composer) May 10, 2024
UmerAdeemCheema
PrestaShop cross-site scripting via customer contact form in FO, through file upload Critical
CVE-2024-34716 was published for prestashop/prestashop (Composer) May 14, 2024
matthieu-rolland aelmokhtar
Cockpit CMS contains an arbitrary file upload vulenrability Critical
CVE-2024-4825 was published for cockpit-hq/cockpit (Composer) May 14, 2024
Mautic is vulnerable to XSS vulnerability Critical
CVE-2020-35125 was published for mautic/core (Composer) May 15, 2024
nvn1729
ADOdb SQL injection vulnerability Critical
GHSA-h63c-xvpf-264j was published for adodb/adodb-php (Composer) May 15, 2024
codeigniter/framework SQL injection in ODBC database driver Critical
GHSA-27qr-636m-wxg2 was published for codeigniter/framework (Composer) May 15, 2024
contao/core Insufficient input validation allows for code injection and remote execution Critical
GHSA-wxxw-5gq6-j2g5 was published for contao/core (Composer) May 15, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database