GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,343 advisories

Grav Server-side Template Injection (SSTI) via Twig Default Filters High
CVE-2023-34252 was published for getgrav/grav (Composer) Jun 16, 2023
Credited to jacobsoo
ipandlanguageredirect extension vulnerable to SQL Injection High
CVE-2023-35782 was published for in2code/ipandlanguageredirect (Composer) Jun 16, 2023
Magento Open Source allows Improper Neutralization of Special Elements Used High
CVE-2023-29297 was published for magento/community-edition (Composer) Jun 15, 2023
elFinder vulnerable to path traversal in LocalVolumeDriver connector High
CVE-2023-35840 was published for studio-42/elfinder (Composer) Jun 14, 2023
Credited to sectroyer
Dolibarr vulnerable to unauthenticated database access High
CVE-2023-33568 was published for dolibarr/dolibarr (Composer) Jun 13, 2023
Withdrawn Advisory: CraftCMS Server-Side Template Injection vulnerability High
CVE-2023-30179 was published for craftcms/cms (Composer) Jun 13, 2023 withdrawn
Credited to angrybrad
Froxlor vulnerable to Path Traversal High
CVE-2023-3172 was published for froxlor/froxlor (Composer) Jun 9, 2023
PocketMine-MP vulnerable to improperly checked dropped item count leading to server crash High
GHSA-h87r-f4vc-mchv was published for pocketmine/pocketmine-mp (Composer) Jun 6, 2023
Credited to dktapps
PocketMine-MP vulnerable to server crash with certain invalid JSON payloads in `LoginPacket` due to vulnerable dependency High
GHSA-pqp3-8rrw-g8vm was published for pocketmine/pocketmine-mp (Composer) Jun 6, 2023
Credited to aderoian and dktapps
TeamPass vulnerable to stored Cross-site Scripting High
CVE-2023-3084 was published for nilsteampassnet/teampass (Composer) Jun 3, 2023
TeamPass vulnerable to stored Cross-site Scripting High
CVE-2023-3083 was published for nilsteampassnet/teampass (Composer) Jun 3, 2023
Dolibarr vulnerable to remote code execution via uppercase manipulation High
CVE-2023-30253 was published for dolibarr/dolibarr (Composer) May 29, 2023
Code injection in nilsteampassnet/teampass High
CVE-2023-2859 was published for nilsteampassnet/teampass (Composer) May 24, 2023
Craft CMS vulnerable to Remote Code Execution via unrestricted file extension High
CVE-2023-32679 was published for craftcms/cms (Composer) May 22, 2023
Credited to awakerrday
RosarioSIS Stores Sensitive Data in a Mechanism without Access Control High
CVE-2023-2665 was published for francoisjacquet/rosariosis (Composer) May 19, 2023
pimcore/customer-management-framework-bundle has SQL Injection vulnerability in Segment Assignment query High
CVE-2023-2756 was published for pimcore/customer-management-framework-bundle (Composer) May 17, 2023
Credited to JoMC98
WWBN AVideo command injection vulnerability High
CVE-2023-32073 was published for wwbn/avideo (Composer) May 12, 2023
Credited to jmrcsnchz
CraftCMS allows remote attacker to execute arbitrary code via crafted script to Section parameter High
CVE-2023-30130 was published for craftcms/cms (Composer) May 12, 2023
Embedding untrusted input inside CSV files leads to Formula Injection/CSV Injection High
CVE-2023-2629 was published for pimcore/customer-management-framework-bundle (Composer) May 11, 2023
Credited to sampritdas8
teampass vulnerable to code injection High
CVE-2023-2591 was published for nilsteampassnet/teampass (Composer) May 9, 2023
Cross Site Scripting in thorsten/phpmyfaq High
CVE-2023-2550 was published for thorsten/phpmyfaq (Composer) May 5, 2023
Moodle SQL Injection vulnerability High
CVE-2023-30944 was published for moodle/moodle (Composer) May 2, 2023
WWBN/AVideo stored XSS vulnerability leads to takeover of any user's account, including admin's account High
CVE-2023-30860 was published for wwbn/avideo (Composer) May 1, 2023
Credited to gonzxph
Remote code injection in wwbn/avideo High
CVE-2023-30854 was published for wwbn/avideo (Composer) Apr 27, 2023
Credited to jmrcsnchz
SQL Injection in AssetController High
CVE-2023-2338 was published for pimcore/pimcore (Composer) Apr 27, 2023
Credited to rekter0