GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,290 advisories
EC-CUBE Directory traversal vulnerability
High: CVE-2020-5590 was published for ec-cube/ec-cube (Composer), May 24, 2022

WooCommerce Cross-Site Request Forgery (CSRF)
High: CVE-2019-20891 was published for woocommerce/woocommerce (Composer), May 24, 2022

Dolibarr SQL injection vulnerability in accountancy/customer/card.php
High: CVE-2020-14443 was published for dolibarr/dolibarr (Composer), May 24, 2022

Gravity Forms plugin leak hashed passwords
High: CVE-2020-13764 was published for wp-premium/gravityforms (Composer), May 24, 2022

Image Resizer Cross-Site Request Forgery (CSRF)
High: CVE-2020-13458 was published for verbb/image-resizer (Composer), May 24, 2022

Moodle vulnerable to RCE
High: CVE-2020-10738 was published for moodle/moodle (Composer), May 24, 2022

Microweber allows Unrestricted File Upload
High: CVE-2020-13241 was published for microweber/microweber (Composer), May 24, 2022

Subrion CMS Cross-Site Request Forgery (CSRF) vulnerability
High: CVE-2019-20390 was published for intelliants/subrion (Composer), May 24, 2022

SEOmatic for CraftCMS allows Server-Side Template Injection
High: CVE-2020-12790 was published for nystudio107/craft-seomatic (Composer), May 24, 2022

Incorrect Authorization in Dolibarr
High: CVE-2020-12669 was published for dolibarr/dolibarr (Composer), May 24, 2022

TeamPass files are available without authentication
High: CVE-2020-12478 was published for nilsteampassnet/teampass (Composer), May 24, 2022

TeamPass PHP arbitrary file include vulnerability
High: CVE-2020-12479 was published for nilsteampassnet/teampass (Composer), May 24, 2022

Subrion CMS CSV injection via Export Language
High: CVE-2020-12468 was published for intelliants/subrion (Composer), May 24, 2022

Dolibarr Cross-Site Request Forgery Vulnerability
High: CVE-2020-11825 was published for dolibarr/dolibarr (Composer), May 24, 2022

SilverStripe Folders migrated from 3.x may be unsafe to upload to
High: CVE-2020-9280 was published for silverstripe/assets (Composer), May 24, 2022

FrozenNode Laravel-Administrator unrestricted file upload
High: CVE-2020-10963 was published for frozennode/administrator (Composer), May 24, 2022

CodeIgniter Improper Privilege Management
High: CVE-2020-10793 was published for codeigniter4/framework (Composer), May 24, 2022

phpMyAdmin SQL Injection
High: CVE-2020-10804 was published for phpmyadmin/phpmyadmin (Composer), May 24, 2022

phpMyAdmin SQL injection vulnerability
High: CVE-2020-10802 was published for phpmyadmin/phpmyadmin (Composer), May 24, 2022

phpBB arbitrary CSS injection
High: CVE-2019-16108 was published for phpbb/phpbb (Composer), May 24, 2022

Subrion CMS CSRF Vulnerability
High: CVE-2018-21037 was published for intelliants/subrion (Composer), May 24, 2022

Dolibarr ERP and CRM SQLi
High: CVE-2019-19209 was published for dolibarr/dolibarr (Composer), May 24, 2022

Froxlor arbitrary code execution via the database configuration options
High: CVE-2020-10235 was published for froxlor/froxlor (Composer), May 24, 2022

CardGate Payments plugin for WooCommerce does not validate request origin
High: CVE-2020-8819 was published for cardgate/woocommerce (Composer), May 24, 2022

Silverstripe CSRF Protection Bypass via GraphQL
High: CVE-2019-12437 was published for silverstripe/graphql (Composer), May 24, 2022
ProTip! Advisories are also available from the GraphQL API.