GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,866
Erlang
36
GitHub Actions
36
Go
2,491
Maven
5,000+
npm
4,110
NuGet
735
pip
3,933
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+
515 advisories
Filter by severity
SQL Injection in rosariosis
Critical
CVE-2021-44427
was published
for
francoisjacquet/rosariosis
(Composer)
Dec 2, 2021
OS Command Injection Vulnerability and Potential Zip Slip Vulnerability in baserCMS
Critical
CVE-2021-41243
was published
for
baserproject/basercms
(Composer)
Dec 1, 2021
Webcache Poisoning in shopware/platform and shopware/core
Critical
GHSA-r64m-qchj-hrjp
was published
for
shopware/core
(Composer)
Nov 24, 2021
Moodle vulnerable to RCE via unsafe deserialization
Critical
CVE-2021-3943
was published
for
moodle/moodle
(Composer)
Nov 23, 2021
Incorrect Access Control in Ignition
Critical
CVE-2021-43996
was published
for
facade/ignition
(Composer)
Nov 19, 2021
DBAL 3 SQL Injection Security Vulnerability
Critical
CVE-2021-43608
was published
for
doctrine/dbal
(Composer)
Nov 16, 2021
XML External Entity vulnerability in MODX CMS
Critical
CVE-2020-25911
was published
for
modx/revolution
(Composer)
Nov 1, 2021
Showdoc File Upload Vulnerability
Critical
CVE-2021-41745
was published
for
showdoc/showdoc
(Composer)
Oct 25, 2021
SQL Injection in medoo
Critical
CVE-2019-10762
was published
for
catfan/medoo
(Composer)
Oct 12, 2021
Critical severity vulnerability in Ignition
Critical
CVE-2020-13909
was published
for
facade/ignition
(Composer)
Oct 12, 2021
SQL Injection in topthink/thinkphp
Critical
CVE-2020-20120
was published
for
topthink/thinkphp
(Composer)
Sep 30, 2021
Directory Traversal in typo3/phar-stream-wrapper
Critical
CVE-2019-11831
was published
for
drupal/core
(Composer)
Sep 30, 2021
Improper Access Control in Webauthn Framework
Critical
CVE-2021-38299
was published
for
web-auth/webauthn-framework
(Composer)
Sep 29, 2021
Unrestricted File Upload in ShowDoc v2.9.5
Critical
CVE-2021-36440
was published
for
showdoc/showdoc
(Composer)
Sep 9, 2021
Exposure of Sensitive Information to an Unauthorized Actor
Critical
CVE-2021-32711
was published
for
shopware/platform
(Composer)
Sep 8, 2021
SQL Injection in Subrion CMS
Critical
CVE-2020-18155
was published
for
intelliants/subrion
(Composer)
Sep 8, 2021
SQL injection in TYPO3 extension
Critical
CVE-2021-38302
was published
for
ecodev/newsletter
(Composer)
Sep 2, 2021
Deserialization of Untrusted Data in codeception/codeception
Critical
CVE-2021-23420
was published
for
codeception/codeception
(Composer)
Sep 1, 2021
Code injection in codiad
Critical
CVE-2019-19208
was published
for
codiad/codiad
(Composer)
Sep 1, 2021
Dolibarr Cross-site Scripting vulnerability
Critical
CVE-2021-25955
was published
for
dolibarr/dolibarr
(Composer)
Aug 30, 2021
SafeCurl before 0.9.2 has a DNS rebinding vulnerability.
Critical
CVE-2020-36474
was published
for
vanilla/safecurl
(Composer)
Aug 25, 2021
Code injection in topthink/think
Critical
CVE-2020-17952
was published
for
topthink/think
(Composer)
Aug 9, 2021
Craft CMS Remote Code Injection
Critical
CVE-2021-27903
was published
for
craftcms/cms
(Composer)
Jul 2, 2021
Time-of-check Time-of-use (TOCTOU) Race Condition in league/flysystem
Critical
CVE-2021-32708
was published
for
league/flysystem
(Composer)
Jun 29, 2021
Deserialization of Untrusted Data in NukeViet
Critical
CVE-2019-7725
was published
for
nukeviet/nukeviet
(Composer)
Jun 22, 2021
ProTip!
Advisories are also available from the
GraphQL API