Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,866
Erlang
36
GitHub Actions
36
Go
2,491
Maven
5,000+
npm
4,110
NuGet
735
pip
3,933
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

515 advisories

Loading
PrestaShop eval injection possible if shop vulnerable to SQL injection Critical
CVE-2022-31181 was published for prestashop/prestashop (Composer) Jul 29, 2022
himiklab yii2-jqgrid-widget vulnerable to SQL Injection Critical
CVE-2014-125051 was published for himiklab/yii2-jqgrid-widget (Composer) Jan 6, 2023
Dolibarr Cross-site Scripting vulnerability Critical
CVE-2021-25955 was published for dolibarr/dolibarr (Composer) Aug 30, 2021
elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE Critical
CVE-2021-32682 was published for studio-42/elfinder (Composer) Jun 16, 2021
thomas-chauchefoin-sonarsource
Cross site scripting in FacturaScripts Critical
CVE-2022-1514 was published for facturascripts/facturascripts (Composer) Apr 29, 2022
Badaso vulnerable to Remote Code Execution via malicious file upload Critical
CVE-2022-41711 was published for badaso/core (Composer) Oct 26, 2022
easyii CMS's File Upload Management vulnerable to unrestricted upload Critical
CVE-2022-3771 was published for noumo/easyii (Composer) Oct 31, 2022
phpMyFAQ contains Weak Password Requirements Critical
CVE-2022-3754 was published for thorsten/phpmyfaq (Composer) Oct 29, 2022
RCE vulnerability in Pimcore/Mail & Dynamic Text Layout Critical
CVE-2022-39365 was published for pimcore/pimcore (Composer) Oct 29, 2022
nth347
laravel-jqgrid vulnerable to SQL Injection Critical
CVE-2021-4262 was published for mgallegos/laravel-jqgrid (Composer) Dec 19, 2022
Cockpit before 2.2.0 vulnerable to Insufficient Session Expiration Critical
CVE-2022-2713 was published for aheinze/cockpit (Composer) Aug 9, 2022
Pagekit vulnerable to Unrestricted Upload of File with Dangerous Type Critical
CVE-2022-38916 was published for pagekit/pagekit (Composer) Sep 21, 2022
Cross site scripting vulnerability with discussion titles Critical
CVE-2022-41938 was published for flarum/core (Composer) Nov 21, 2022
dangzed
Incorrect Permission Assignment for Critical Resource in ShopXO Critical
CVE-2022-28056 was published for shopxo/shopxo (Composer) May 3, 2022
Deserialization of Untrusted Data in topthink/framework Critical
CVE-2021-23592 was published for topthink/framework (Composer) May 7, 2022
SQL Injection in SimpleSAMLphp Critical
CVE-2019-15537 was published for cesnet/simplesamlphp-module-proxystatistics (Composer) Nov 8, 2019
Potential Code Injection in Sprout Forms Critical
CVE-2020-11056 was published for barrelstrength/sprout-base-email (Composer) May 8, 2020
llamaonsecurity
Dolibarr vulnerable to privilege escalation Critical
CVE-2022-43138 was published for dolibarr/dolibarr (Composer) Nov 17, 2022
Insufficient Session Expiration in librenms/librenms Critical
CVE-2022-4070 was published for librenms/librenms (Composer) Nov 20, 2022
SQL injection in vhs (aka VHS: Fluid ViewHelpers) Critical
CVE-2021-28381 was published for fluidtypo3/vhs (Composer) Mar 29, 2021
Deserialization of Untrusted Data in NukeViet Critical
CVE-2019-7725 was published for nukeviet/nukeviet (Composer) Jun 22, 2021
Unauthenticated remote code execution in Ignition Critical
CVE-2021-3129 was published for facade/ignition (Composer) Mar 29, 2021
SQL Injection in NukeViet Critical
CVE-2019-7726 was published for nukeviet/nukeviet (Composer) Jun 22, 2021
Fixes a bug in Zend Framework's Stream HTTP Wrapper Critical
CVE-2021-21426 was published for openmage/magento-lts (Composer) Apr 22, 2021
Authentication bypass in MAGMI Critical
CVE-2020-5777 was published for dweeves/magmi (Composer) May 6, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database