GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,291 advisories

phpMyFAQ Cross-site Scripting vulnerability High
CVE-2023-5864 was published for thorsten/phpmyfaq (Composer) Oct 31, 2023
Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File High
CVE-2023-46245 was published for kimai/kimai (Composer) Oct 30, 2023
ixSly
CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment High
CVE-2023-46240 was published for codeigniter4/framework (Composer) Oct 30, 2023
psuet
juzawebCMS Injection vulnerability High
CVE-2023-46468 was published for juzaweb/cms (Composer) Oct 28, 2023
Silverstripe GraphQL has DDOS Vulnerability due to lack of protection against recursive queries High
CVE-2023-40180 was published for silverstripe/graphql (Composer) Oct 17, 2023
SQL injection in librenms/librenms High
CVE-2023-5591 was published for librenms/librenms (Composer) Oct 16, 2023
Cross-Site Request Forgery (CSRF) in snipe/snipe-it High
CVE-2023-5511 was published for snipe/snipe-it (Composer) Oct 11, 2023
MediaWiki Denial of Service vulnerability High
CVE-2023-45363 was published for mediawiki/core (Composer) Oct 9, 2023
Rudloff
phpMyFAQ Cross-site Scripting vulnerability High
CVE-2023-5319 was published for thorsten/phpmyfaq (Composer) Sep 30, 2023
Composer Remote Code Execution vulnerability via web-accessible composer.phar High
CVE-2023-43655 was published for composer/composer (Composer) Sep 29, 2023
thomas-chauchefoin-sonarsource
Economizzer remote code execution vulnerability High
CVE-2023-38874 was published for gugoan/economizzer (Composer) Sep 28, 2023
Economizzer host header injection vulnerability High
CVE-2023-38877 was published for gugoan/economizzer (Composer) Sep 28, 2023
OpenCart Path Traversal vulnerability High
CVE-2023-2315 was published for opencart/opencart (Composer) Sep 27, 2023
MediaWiki malicious XML upload leads to privilege escalation High Unreviewed
CVE-2023-3550 was published for mediawiki/core (Composer) Sep 25, 2023
Composer allows cache poisoning from other projects built on the same host High
CVE-2015-8371 was published for composer/composer (Composer) Sep 21, 2023
File Upload vulnerability in Dolibarr ERP CRM High
CVE-2023-38887 was published for dolibarr/dolibarr (Composer) Sep 20, 2023
Dolibarr allows a remote privileged attacker to execute arbitrary code via a crafted command/script High
CVE-2023-38886 was published for dolibarr/dolibarr (Composer) Sep 20, 2023
Cross site scripting in librenms High
CVE-2023-5060 was published for librenms/librenms (Composer) Sep 19, 2023
PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (again) High
GHSA-92jh-gwch-jq38 was published for pocketmine/pocketmine-mp (Composer) Sep 14, 2023
alvin0319 dktapps
SvenRtbg
PocketMine-MP server crash due to incorrect EC curve used for LoginPacket identityPublicKey High
GHSA-79rc-jjh6-rc89 was published for pocketmine/pocketmine-mp (Composer) Sep 14, 2023
dktapps
Cecil Path Traversal vulnerability High
CVE-2023-4914 was published for cecil/cecil (Composer) Sep 12, 2023
Magento LTS's guest order "protect code" can be brute-forced too easily High
CVE-2023-41879 was published for openmage/magento-lts (Composer) Sep 11, 2023
theroch fballiano
colinmollenhour
Command injection in pagekit High
CVE-2023-41005 was published for pagekit/pagekit (Composer) Aug 29, 2023
Craft CMS vulnerable to Remote Code Execution via validatePath bypass High
CVE-2023-40035 was published for craftcms/cms (Composer) Aug 21, 2023
awakerrday
Cockpit Cross-site Scripting vulnerability High
CVE-2023-4432 was published for cockpit-hq/cockpit (Composer) Aug 19, 2023