Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,150
NuGet
736
pip
3,952
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

694 advisories

Loading
Code injection via property expansion in SoapUI High
CVE-2014-1202 was published for com.smartbear.soapui:soapui (Maven) May 17, 2022
q5438722
Apache Geronimo JMX Remoting functionality allows remote code execution in 3.x before v3.0.1 High
CVE-2013-1777 was published for org.apache.geronimo.framework:geronimo-jmx-remoting (Maven) May 17, 2022
westonsteimel MarkLee131
Pimcore Vulnerable to PHP Object Injection Attacks High
CVE-2014-2921 was published for pimcore/pimcore (Composer) May 17, 2022
TYPO3 vulnerable to remote authenticated arbitrary code execution High
CVE-2013-4321 was published for typo3/cms (Composer) May 17, 2022
Yii PHP Framework arbitrary PHP scripts execution High
CVE-2014-4672 was published for yiisoft/yii (Composer) May 17, 2022
Plone Sandbox Bypass Moderate
CVE-2012-5493 was published for Plone (pip) May 17, 2022
Plone python code injection Critical
CVE-2012-5495 was published for plone (pip) May 17, 2022
Plone Code Injection vulnerability High
CVE-2012-5488 was published for Plone (pip) May 17, 2022
tdunlap607
Plone Code Injection vulnerability High
CVE-2012-5485 was published for Plone (pip) May 17, 2022
TYPO3 powermail extension has unrestricted file upload vulnerability High
CVE-2014-3947 was published for in2code/powermail (Composer) May 17, 2022
Cobbler vulnerable to code injection via unsafe YAML loading Moderate
CVE-2011-4953 was published for cobbler (pip) May 17, 2022
Improper Control of Generation of Code in HawtJNI Moderate
CVE-2013-2035 was published for org.fusesource.hawtjni:hawtjni-runtime (Maven) May 17, 2022
Drupal arbitrary code execution High
CVE-2016-3171 was published for drupal/core (Composer) May 17, 2022
Jenkins allows for Code Execution via Crafted Packet to the CLI Moderate
CVE-2014-3666 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Slim vulnerable to PHP object injection High
CVE-2015-2171 was published for slim/slim (Composer) May 17, 2022
Symfony Vulnerable to PHP Eval Injection Moderate
CVE-2015-2308 was published for symfony/http-kernel (Composer) May 17, 2022
Improper Control of Generation of Code ('Code Injection') in Spring Framework Moderate
CVE-2010-1622 was published for org.springframework:spring (Maven) May 17, 2022
sunSUNQ
Code injection in Apache Struts High
CVE-2013-4316 was published for org.apache.struts:struts2-core (Maven) May 17, 2022
sunSUNQ
Sup Code Injection vulnerability Moderate
CVE-2013-4479 was published for sup (RubyGems) May 17, 2022
Code Injection in Django Critical
CVE-2014-0472 was published for Django (pip) May 17, 2022
MarkLee131
phpMyAdmin Code Injection vulnerability Critical
CVE-2016-5734 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
phpMyAdmin Remote code execution vulnerability when PHP is running with dbase extension High
CVE-2016-6633 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Authenticated RCE in Zen Cart 1.5.5e High
CVE-2017-11675 was published for zencart/zencart (Composer) May 17, 2022
Cobbler Web Interface Kickstart Template Remote Privilege Escalation Vulnerability High
CVE-2008-6954 was published for cobbler (pip) May 17, 2022
Webkit PDFs for TYPO3 allows remote attackers to execute arbitrary commands High
CVE-2010-4962 was published for dmk/webkitpdf (Composer) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database