GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,291 advisories

Cleartext storage of session identifier High
CVE-2020-26228 was published for typo3/cms (Composer) Nov 23, 2020
liayn bmack
ohader
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS High
CVE-2020-15098 was published for typo3/cms (Composer) Jul 29, 2020
ohader
Firewall configured with unanimous strategy was not actually unanimous in Symfony High
CVE-2020-5275 was published for symfony/security (Composer) Mar 30, 2020
ajgarlag chalasr
Backend Same-Site Request Forgery in TYPO3 CMS High
CVE-2020-11069 was published for typo3/cms (Composer) May 13, 2020
ohader
Insecure Deserialization in Backend User Settings in TYPO3 CMS High
CVE-2020-11067 was published for typo3/cms (Composer) May 13, 2020
ohader
Code injection in Twig High
CVE-2022-23614 was published for twig/twig (Composer) Feb 10, 2022
Deserialization of untrusted data in Symfony High
CVE-2019-10912 was published for symfony/cache (Composer) Feb 12, 2020
XSS vulnerability on asset view High
CVE-2021-27912 was published for mautic/core (Composer) Sep 1, 2021
MatisAct rohitp19
XSS in Mautic High
CVE-2021-3142 was published for mautic/core (Composer) Jan 29, 2021
dennisameling
Using JS libraries with known security vulnerabilities High
CVE-2019-8121 was published for magento/community-edition (Composer) Nov 12, 2019
Exposure of Resource to Wrong Sphere in Drupal Core High
CVE-2020-13670 was published for drupal/core (Composer) Feb 12, 2022
tdunlap607
Cross-domain cookie leakage in Guzzle High
CVE-2022-29248 was published for guzzlehttp/guzzle (Composer) May 25, 2022
Symfony Vulnerable to Timing Attack High
CVE-2015-8125 was published for symfony/form (Composer) May 17, 2022
Improper escaping of command arguments on Windows leading to command injection High
CVE-2021-41116 was published for composer/composer (Composer) Oct 5, 2021
paul-gerste-sonarsource
Doctrine Security Misconfiguration Vulnerability High
CVE-2015-5723 was published for aws/aws-sdk-php (Composer) May 17, 2022
HTTP Proxy header vulnerability High
CVE-2016-5385 was published for amphp/artax (Composer) Apr 7, 2022
Improper Access Control in moodle High
CVE-2020-25698 was published for moodle/moodle (Composer) Mar 29, 2021
MarkLee131
PHPMailer Shell command injection High
CVE-2007-3215 was published for phpmailer/phpmailer (Composer) Feb 2, 2024
Magento 2 Community Edition DoS vulnerability High
CVE-2019-7928 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition SSRF vulnerability High
CVE-2019-7923 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition DoS vulnerability High
CVE-2019-7915 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition SSRF vulnerability High
CVE-2019-7913 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition RCE Vulnerability High
CVE-2019-8141 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition RCE Vulnerability High
CVE-2019-8137 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition RCE Vulnerability High
CVE-2019-8122 was published for magento/community-edition (Composer) May 24, 2022