Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,680
Maven
5,000+
npm
4,308
NuGet
760
pip
4,081
Pub
12
RubyGems
958
Rust
1,061
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,331 advisories

Loading
Fix failure to strip Authorization header on HTTP downgrade High
CVE-2022-31043 was published for guzzlehttp/guzzle (Composer) Jun 9, 2022
GrahamCampbell
Credited to GrahamCampbell
Improperly checked IDs on itemstacks received from the client leading to server crash in PocketMine-MP High
GHSA-fqx3-r75h-vc89 was published for pocketmine/pocketmine-mp (Composer) Jun 7, 2022
Command injection in librenms High
CVE-2022-29712 was published for librenms/librenms (Composer) Jun 3, 2022
Possible cross-site scripting attack via unsanitized SVG files in FoF Upload High
CVE-2022-30999 was published for fof/upload (Composer) May 25, 2022
Caesar302
Credited to Caesar302
PHP Code Injection by malicious block or filename in Smarty High
CVE-2022-29221 was published for smarty/smarty (Composer) May 25, 2022
altm4n
Credited to altm4n
Cross-domain cookie leakage in Guzzle High
CVE-2022-29248 was published for guzzlehttp/guzzle (Composer) May 25, 2022
SQL injection in helloxz/imgurl High
CVE-2022-29305 was published for helloxz/imgurl (Composer) May 25, 2022
Magento remote code execution vulnerability High
CVE-2019-8154 was published for magento/community-edition (Composer) May 24, 2022
Typo3 Vulnerable to Insecure Deserialization High
CVE-2019-12747 was published for typo3/cms (Composer) May 24, 2022
TYPO3 Image Processing susceptible to Code Execution High
CVE-2019-11832 was published for typo3/cms (Composer) May 24, 2022
ohader
Credited to ohader
Moodle contains CSRF vulnerability High
CVE-2021-43559 was published for moodle/moodle (Composer) May 24, 2022
Unrestricted File Upload vulnerability in Firefly III High
CVE-2021-3846 was published for grumpydictator/firefly-iii (Composer) May 24, 2022
Magento XML Injection vulnerability in the 'City' field High
CVE-2021-36020 was published for magento/community-edition (Composer) May 24, 2022
Magento XML Injection vulnerability in the Widgets Update Layout High
CVE-2021-36022 was published for magento/community-edition (Composer) May 24, 2022
Magento is affected by an os command injection via the Data collection endpoint High
CVE-2021-36024 was published for magento/community-edition (Composer) May 24, 2022
Magento improper authorization vulnerability High
CVE-2021-36029 was published for magento/community-edition (Composer) May 24, 2022
Magento allows attackers to alter the price of items High
CVE-2021-36030 was published for magento/community-edition (Composer) May 24, 2022
Magento Path Traversal vulnerability via the `theme[preview_image]` parameter High
CVE-2021-36031 was published for magento/community-edition (Composer) May 24, 2022
Magento is affected by an improper input validation vulnerability High
CVE-2021-36032 was published for magento/community-edition (Composer) May 24, 2022
Magento affected by remote code execution via a file upload High
CVE-2021-36034 was published for magento/community-edition (Composer) May 24, 2022
Magento vulnerable to file upload attack High
CVE-2021-36041 was published for magento/community-edition (Composer) May 24, 2022
Magento affected by a blind SSRF vulnerability in the bundled dotmailer extension High
CVE-2021-36043 was published for magento/community-edition (Composer) May 24, 2022
Magento affected by a server-side denial-of-service using a GraphQL field High
CVE-2021-36044 was published for magento/community-edition (Composer) May 24, 2022
EC-CUBE Improper access control vulnerability High
CVE-2021-20778 was published for ec-cube/ec-cube (Composer) May 24, 2022
Magento Violation of Secure Design Principles vulnerability in RMA PDF filename formats High
CVE-2021-28583 was published for magento/community-edition (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database