GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,291 advisories

Cross Site Request Forgery in SwiftyEdit High
CVE-2023-47350 was published for swiftyedit/swiftyedit (Composer) Nov 22, 2023
Phar object injection in PHPMailer High
CVE-2018-19296 was published for phpmailer/phpmailer (Composer) Mar 5, 2020
Deserialization of Untrusted Data in Codeigniter4 High
CVE-2022-21647 was published for codeigniter4/framework (Composer) Jan 6, 2022
Missing input validation can lead to command execution in composer High
CVE-2022-24828 was published for composer/composer (Composer) Apr 22, 2022
thomas-chauchefoin-sonarsource
Composer allows cache poisoning from other projects built on the same host High
CVE-2015-8371 was published for composer/composer (Composer) Sep 21, 2023
phpMyAdmin HTTP Response Splitting Vulnerability High
CVE-2009-1149 was published for phpmyadmin/phpmyadmin (Composer) May 2, 2022
Indexed Search Engine for TYPO3 Command Execution via Metacharacter Injection High
CVE-2009-0258 was published for typo3/cms (Composer) May 2, 2022
Authentication library in TYPO3 vulnerable to session fixation High
CVE-2009-0256 was published for typo3/cms (Composer) May 2, 2022
Drupal Access Control Bypass High
CVE-2011-2687 was published for drupal/core (Composer) May 17, 2022
phpMyAdmin vulnerable to static code injection High
CVE-2011-2506 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
WWBN AVideo Improper Restriction of Excessive Authentication Attempts vulnerability High
CVE-2023-49810 was published for wwbn/avideo (Composer) Jan 10, 2024
simpleSAMLphp incorrectly handles XML encryption High
CVE-2011-4625 was published for simplesamlphp/simplesamlphp (Composer) Apr 22, 2022
Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File High
CVE-2023-46245 was published for kimai/kimai (Composer) Oct 30, 2023
ixSly
Magento Improper Access Control vulnerability High
CVE-2022-34255 was published for magento/community-edition (Composer) Aug 17, 2022
Magento Improper Authorization vulnerability High
CVE-2022-34256 was published for magento/community-edition (Composer) Aug 17, 2022
Magento OS command injection via the customer attribute save controller High
CVE-2021-21015 was published for magento/community-edition (Composer) May 24, 2022
Magento Path Traversal vulnerability High
CVE-2022-34254 was published for magento/community-edition (Composer) Aug 17, 2022
Magento SQL Injection vulnerability High
CVE-2020-24400 was published for magento/community-edition (Composer) May 24, 2022
Magento defense-in-depth security mitigation vulnerability High
CVE-2020-9591 was published for magento/community-edition (Composer) May 24, 2022
Magento sql injection vulnerability High
CVE-2020-3719 was published for magento/community-edition (Composer) May 24, 2022
Magento arbitrary PHP code execution via the productData parameter High
CVE-2015-6497 was published for magento/core (Composer) May 24, 2022
Magento Remote code execution through catalog attribute sets High
CVE-2019-8231 was published for magento/core (Composer) May 24, 2022
Magento Remote code execution through support/output path modification High
CVE-2019-8230 was published for magento/core (Composer) May 24, 2022
WooCommerce Cross-Site Request Forgery (CSRF) High
CVE-2019-20891 was published for woocommerce/woocommerce (Composer) May 24, 2022