GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,346 advisories

Yii Framework Cross-Site Request Forgery (CSRF) High
CVE-2018-6009 was published for yiisoft/yii2 (Composer) May 14, 2022
XXE Vulnerability in XMLBundle 0.1.7 High
CVE-2017-1000477 was published for desperado/xml-bundle (Composer) May 14, 2022
phpBB Server-Side Request Forgery (SSRF) High
CVE-2017-1000419 was published for phpbb/phpbb (Composer) May 14, 2022
Dolibarr sensitive information disclosure High
CVE-2017-17898 was published for dolibarr/dolibarr (Composer) May 14, 2022
TYPO3 Color Picker Wizard component allows remote authenticated editors to execute arbitrary PHP code High
CVE-2014-3942 was published for typo3/cms (Composer) May 14, 2022
TeamPass arbitrary file upload vulnerability High
CVE-2017-15054 was published for nilsteampassnet/teampass (Composer) May 17, 2022
CodeIgniter HTTP Header Injection High
CVE-2017-1000247 was published for codeigniter4/framework (Composer) May 17, 2022
TYPO3 Arbitrary Code Execution High
CVE-2017-14251 was published for typo3/cms (Composer) May 17, 2022
Zeta Components Mail Arbitrary code execution via a crafted email address High
CVE-2017-15806 was published for zetacomponents/mail (Composer) May 17, 2022
Zend Framework Information Disclosure High
CVE-2015-7503 was published for zendframework/zend-crypt (Composer) May 17, 2022
GeniXCMS arbitrary PHP code execution High
CVE-2017-14764 was published for genix/cms (Composer) May 17, 2022
Dolibarr ERP and CRM Sensitive Data Disclosure High
CVE-2017-14240 was published for dolibarr/dolibarr (Composer) May 17, 2022
Smarty arbitrary PHP code execution High
CVE-2014-8350 was published for smarty/smarty (Composer) May 17, 2022
CoolURI extension for TYPO3 vulnerable to SQL Injection High
CVE-2013-5322 was published for bednee/cooluri (Composer) May 17, 2022
News system (news) extension for TYPO3 vulnerable to SQL Injection High
CVE-2013-4748 was published for georgringer/news (Composer) May 17, 2022
Symfony Arbitrary PHP code Execution High
CVE-2013-1397 was published for symfony/symfony (Composer) May 17, 2022
Symphony Vulnerable to PHP Code Injection via YAML Parsing High
CVE-2013-1348 was published for symfony/symfony (Composer) May 17, 2022
Webkit PDFs for TYPO3 has SQL Injection vulnerability High
CVE-2010-4961 was published for dmk/webkitpdf (Composer) May 17, 2022
Webkit PDFs for TYPO3 allows remote attackers to execute arbitrary commands High
CVE-2010-4962 was published for dmk/webkitpdf (Composer) May 17, 2022
ViMbAdmin CSRF Vulnerabilities High
CVE-2017-6086 was published for opensolutions/vimbadmin (Composer) May 17, 2022
Drupal Node Validation Bypass in the node module API High
CVE-2008-4793 was published for drupal/drupal (Composer) May 17, 2022
Authenticated RCE in Zen Cart 1.5.5e High
CVE-2017-11675 was published for zencart/zencart (Composer) May 17, 2022
phpMyAdmin Cookie attribute injection attack High
CVE-2017-1000016 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
MODX Revolution blind SQL injection High
CVE-2017-1000067 was published for modx/revolution (Composer) May 17, 2022
Drupal Cross-Site Request Forgery (CSRF) High
CVE-2017-6379 was published for drupal/core (Composer) May 17, 2022