Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,662
Maven
5,000+
npm
4,292
NuGet
760
pip
4,070
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

530 advisories

Loading
Cross site scripting in FacturaScripts Critical
CVE-2022-1514 was published for facturascripts/facturascripts (Composer) Apr 29, 2022
elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE Critical
CVE-2021-32682 was published for studio-42/elfinder (Composer) Jun 16, 2021
thomas-chauchefoin-sonarsource
Credited to thomas-chauchefoin-sonarsource
Dolibarr Cross-site Scripting vulnerability Critical
CVE-2021-25955 was published for dolibarr/dolibarr (Composer) Aug 30, 2021
himiklab yii2-jqgrid-widget vulnerable to SQL Injection Critical
CVE-2014-125051 was published for himiklab/yii2-jqgrid-widget (Composer) Jan 6, 2023
PrestaShop eval injection possible if shop vulnerable to SQL injection Critical
CVE-2022-31181 was published for prestashop/prestashop (Composer) Jul 29, 2022
Duplicate Advisory GHSA-hrgx-p36p-89q4 Critical
CVE-2022-36408 was published for prestashop/prestashop (Composer) Jul 23, 2022 withdrawn
SQL Injection in typo3 extension "LUX - TYPO3 Marketing Automation" Critical
CVE-2022-35628 was published for in2code/lux (Composer) Jul 15, 2022
Path traversal in Concrete CMS Critical
CVE-2022-30117 was published for concrete5/core (Composer) Jun 25, 2022
Deserialization of Untrusted Data in topthink/framework Critical
CVE-2022-33107 was published for topthink/framework (Composer) Jun 30, 2022
SQL Injection in RosarioSIS Critical
CVE-2022-2067 was published for francoisjacquet/rosariosis (Composer) Jun 14, 2022
Code Injection in SEOmatic Critical
CVE-2021-41749 was published for nystudio107/craft-seomatic (Composer) Jun 13, 2022
Unserialized Pop Chain in Laravel Critical
CVE-2022-31279 was published for laravel/laravel (Composer) Jun 8, 2022 withdrawn
mir-hossein
Credited to mir-hossein
ThinkPHP deserialization vulnerability Critical
CVE-2022-38352 was published for topthink/framework (Composer) Sep 16, 2022
Rank Math SEO plugin vulnerable to Server-Side Request Forgery Critical
CVE-2022-36376 was published for rankmath/seo-by-rank-math (Composer) Sep 10, 2022
Cross site scripting in facturascripts Critical
CVE-2022-1457 was published for neorazorx/facturascripts (Composer) Apr 26, 2022
Remote Code Execution in Laravel Critical
CVE-2021-43503 was published for laravel/laravel (Composer) Apr 9, 2022 withdrawn
mir-hossein
Credited to mir-hossein
SQL injection in pagekit/pagekit Critical
CVE-2021-44135 was published for pagekit/pagekit (Composer) Apr 2, 2022
SQL Injection in ImpressCMS Critical
CVE-2021-26599 was published for impresscms/impresscms (Composer) Mar 29, 2022
Sandbox bypass in fenom Critical
CVE-2021-46433 was published for fenom/fenom (Composer) Mar 29, 2022
Type Confusion in ImpressCMS Critical
CVE-2021-26600 was published for impresscms/impresscms (Composer) Mar 29, 2022
Remote Code Execution in Contao Managed Edition Critical
CVE-2022-26265 was published for contao/managed-edition (Composer) Mar 20, 2022
Unrestricted Upload of File with Dangerous Type in Zenario CMS Critical
CVE-2021-42171 was published for tribalsystems/zenario (Composer) Mar 15, 2022
DQL injection through sorting parameters blocked Critical
CVE-2022-24752 was published for sylius/grid-bundle (Composer) Mar 15, 2022
dbalabka
Credited to dbalabka
Cross-site Scripting in showdoc/showdoc Critical
CVE-2022-0960 was published for showdoc/showdoc (Composer) Mar 15, 2022
SQL Injection in WordPress Zero Spam WordPress plugin Critical
CVE-2022-0254 was published for bmarshall511/wordpress_zero_spam (Composer) Mar 15, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database