GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,869
Erlang: 36
GitHub Actions: 36
Go: 2,493
Maven: 5,000+
npm: 4,119
NuGet: 735
pip: 3,941
Pub: 12
RubyGems: 945
Rust: 1,018
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
1,291 advisories
phpMyAdmin Unsafe comparison of XSRF/CSRF token
High | CVE-2016-2041 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022

phpMyAdmin Denial Of Service (DOS) attack
High | CVE-2016-5706 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022

phpMyAdmin vulnerable to Cross-Site Request Forgery
High | CVE-2016-5739 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022

Elefant CMS CSRF Vulnerability
High | CVE-2018-16387 was published for elefant/cms (Composer) May 14, 2022

CakePHP allows remote attackers to spoof their IP
High | CVE-2016-4793 was published for cakephp/cakephp (Composer) May 14, 2022

Gleez CMS CSRF Allows Adding of Administrator Accounts
High | CVE-2018-15845 was published for gleez/cms (Composer) May 14, 2022

Symfony Host Header Injection
High | CVE-2018-14774 was published for symfony/symfony (Composer) May 14, 2022

Pimcore CSRF Vulnerability
High | CVE-2018-14057 was published for pimcore/pimcore (Composer) May 14, 2022

PHPMailer susceptible to arbitrary code execution
High | CVE-2008-5619 was published for phpmailer/phpmailer (Composer) May 14, 2022

CakePHP might allow remote attackers to bypass CSRF protection mechanism via the _method parameter
High | CVE-2015-8379 was published for cakephp/cakephp (Composer) May 14, 2022

phpMyAdmin vulnerable to static code injection
High | CVE-2011-2506 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022

phpMyAdmin Directory Traversal vulnerability
High | CVE-2011-2508 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022

SimpleSAMLphp SAML2 library Regular Expression Denial of Service vulnerability
High | CVE-2018-6519 was published for simplesamlphp/saml2 (Composer) May 14, 2022

OpenCart Cross-Site Request Forgery (CSRF)
High | CVE-2018-13067 was published for opencart/opencart (Composer) May 14, 2022

OS Command Injection in baserCMS
High | CVE-2018-0569 was published for baserproject/basercms (Composer) May 14, 2022

phpMyAdmin server-side request forgery (SSRF)
High | CVE-2016-6621 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022

phpMyAdmin PHP code injection
High | CVE-2016-6609 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022

OpenCart Path Traversal
High | CVE-2018-11494 was published for opencart/opencart (Composer) May 14, 2022

Moodle Portfolio script allows instantiation of class chosen by user
High | CVE-2018-1137 was published for moodle/moodle (Composer) May 14, 2022

phpMyAdmin CSRF vulnerability allowing arbitrary SQL execution
High | CVE-2018-10188 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022

Dolibarr SQL injection vulnerability
High | CVE-2017-18260 was published for dolibarr/dolibarr (Composer) May 14, 2022

Dolibarr SQL injection via type parameter in product/stats/card.php
High | CVE-2017-9839 was published for dolibarr/dolibarr (Composer) May 14, 2022

QuickAppsCMS Cross-Site Request Forgery (CSRF)
High | CVE-2018-9108 was published for quickapps/cms (Composer) May 14, 2022

SimpleSAMLphp saml2 incorrect signature validation
High | CVE-2018-7711 was published for simplesamlphp/saml2 (Composer) May 14, 2022

Drupal Comment reply form allows access to restricted content
High | CVE-2017-6926 was published for drupal/core (Composer) May 14, 2022

ProTip! Advisories are also available from the GraphQL API.