
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,330 advisories

TeamPass information exposure vulnerability High
CVE-2023-3553 was published for nilsteampassnet/teampass (Composer) Jul 8, 2023
TeamPass vulnerable to Improper Encoding or Escaping of Output High
CVE-2023-3552 was published for nilsteampassnet/teampass (Composer) Jul 8, 2023
Archive_Tar contains Potential RCE if filename starts with phar:// High
CVE-2018-1000888 was published for pear/archive_tar (Composer) Jul 7, 2023
TeamPass Cross-site Scripting vulnerability High
CVE-2023-3531 was published for nilsteampassnet/teampass (Composer) Jul 6, 2023
league/oauth2-server key exposed in exception message when passing as a string and providing an invalid pass phrase High
CVE-2023-37260 was published for league/oauth2-server (Composer) Jul 6, 2023
Credited to MHC03 and christianmeller
Admidio Improper Neutralization of Formula Elements in a CSV File vulnerability High
CVE-2023-3302 was published for admidio/admidio (Composer) Jun 23, 2023
RaspAP raspap-webgui Command Injection vulnerability High
CVE-2023-30260 was published for billz/raspap-webgui (Composer) Jun 23, 2023
Moodle vulnerable to Server Side Request Forgery High
CVE-2023-35133 was published for moodle/moodle (Composer) Jun 22, 2023
GilaCMS Cross Site Request Forgery vulnerability High
CVE-2020-20726 was published for gilacms/gila (Composer) Jun 20, 2023
Duplicate Advisory: elFinder vulnerable to path traversal in LocalVolumeDriver connector High
GHSA-3p2q-mh7q-9pxj was published for studio-42/elfinder (Composer) Jun 19, 2023 withdrawn
Grav Server-side Template Injection (SSTI) via Twig Default Filters High
CVE-2023-34448 was published for getgrav/grav (Composer) Jun 16, 2023
Credited to jacobsoo
Grav Server-side Template Injection (SSTI) via Denylist Bypass Vulnerability High
CVE-2023-34253 was published for getgrav/grav (Composer) Jun 16, 2023
Credited to jacobsoo
Grav Server-side Template Injection (SSTI) via Twig Default Filters High
CVE-2023-34252 was published for getgrav/grav (Composer) Jun 16, 2023
Credited to jacobsoo
ipandlanguageredirect extension vulnerable to SQL Injection High
CVE-2023-35782 was published for in2code/ipandlanguageredirect (Composer) Jun 16, 2023
Magento Open Source allows Improper Neutralization of Special Elements Used High
CVE-2023-29297 was published for magento/community-edition (Composer) Jun 15, 2023
elFinder vulnerable to path traversal in LocalVolumeDriver connector High
CVE-2023-35840 was published for studio-42/elfinder (Composer) Jun 14, 2023
Credited to sectroyer
Dolibarr vulnerable to unauthenticated database access High
CVE-2023-33568 was published for dolibarr/dolibarr (Composer) Jun 13, 2023
Withdrawn Advisory: CraftCMS Server-Side Template Injection vulnerability High
CVE-2023-30179 was published for craftcms/cms (Composer) Jun 13, 2023 withdrawn
Credited to angrybrad
Froxlor vulnerable to Path Traversal High
CVE-2023-3172 was published for froxlor/froxlor (Composer) Jun 9, 2023
PocketMine-MP vulnerable to improperly checked dropped item count leading to server crash High
GHSA-h87r-f4vc-mchv was published for pocketmine/pocketmine-mp (Composer) Jun 6, 2023
Credited to dktapps
PocketMine-MP vulnerable to server crash with certain invalid JSON payloads in `LoginPacket` due to vulnerable dependency High
GHSA-pqp3-8rrw-g8vm was published for pocketmine/pocketmine-mp (Composer) Jun 6, 2023
Credited to aderoian and dktapps
TeamPass vulnerable to stored Cross-site Scripting High
CVE-2023-3084 was published for nilsteampassnet/teampass (Composer) Jun 3, 2023
TeamPass vulnerable to stored Cross-site Scripting High
CVE-2023-3083 was published for nilsteampassnet/teampass (Composer) Jun 3, 2023
Dolibarr vulnerable to remote code execution via uppercase manipulation High
CVE-2023-30253 was published for dolibarr/dolibarr (Composer) May 29, 2023
Code injection in nilsteampassnet/teampass High
CVE-2023-2859 was published for nilsteampassnet/teampass (Composer) May 24, 2023