GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,291 advisories

juzawebCMS Injection vulnerability High
CVE-2023-46468 was published for juzaweb/cms (Composer) Oct 28, 2023
PrestaShop some attribute not escaped in Validate::isCleanHTML method High
CVE-2024-21627 was published for prestashop/prestashop (Composer) Jan 3, 2024
Antonio-R1 antoniospataro
matthieu-rolland AureRita boherm matks
Froxlor username/surname AND company field Bypass High
CVE-2023-50256 was published for froxlor/froxlor (Composer) Jan 4, 2024
ahmedvienna
phpseclib vulnerable to denial of service High
CVE-2023-49316 was published for phpseclib/phpseclib (Composer) Nov 27, 2023
kdambekalns iekadou
MainWP Dashboard SQL Command Injection vulnerability High
CVE-2023-38519 was published for mainwp/mainwp (Composer) Dec 20, 2023
HTML comments vulnerability allowing to execute JavaScript code High
CVE-2021-41165 was published for ckeditor/ckeditor (Composer) Nov 17, 2021
leon-vg
OXID eShop user impersonation vulnerability High
CVE-2015-6926 was published for oxid-esales/oxideshop-ce (Composer) May 13, 2022
Configuration Injection in extension "Direct Mail" (direct_mail) High
CVE-2023-50461 was published for directmailteam/direct-mail (Composer) Dec 13, 2023
Microweber allows a remote attacker to obtain sensitive information via the HTTP GET method High
CVE-2023-48122 was published for microweber/microweber (Composer) Dec 8, 2023
ThinkAdmin arbitrary file upload vulnerability High
CVE-2023-48966 was published for zoujingli/thinkadmin (Composer) Dec 4, 2023
Magento LTS vulnerable to Stored XSS via TinyMCE WYSIWYG Editor High
GHSA-9j5w-2cqc-cwj9 was published for openmage/magento-lts (Composer) Dec 8, 2023
halitAKAYDIN
Validation of SignedInfo High
CVE-2023-49087 was published for simplesamlphp/saml2 (Composer) Nov 28, 2023
Microweber file upload vulnerability High
CVE-2023-49052 was published for microweber/microweber (Composer) Nov 30, 2023
Pimcore Admin UI has Two Factor Authentication disabled for non admin security firewalls High
CVE-2023-49075 was published for pimcore/admin-ui-classic-bundle (Composer) Nov 27, 2023
OroPlatform vulnerable to path traversal during temporary file manipulations High
CVE-2022-41951 was published for oro/platform (Composer) Nov 27, 2023
RaspAP Command Injection vulnerability High
CVE-2022-39987 was published for billz/raspap-webgui (Composer) Aug 1, 2023
MarkLee131
Cross-site Scripting via uploaded assets High
CVE-2023-48701 was published for statamic/cms (Composer) Nov 22, 2023
Cyber-Wo0dy
Statamic CMS vulnerable to remote code execution via form uploads High
CVE-2023-48217 was published for statamic/cms (Composer) Nov 14, 2023
ahinkle
Moodle Code Injection vulnerability High
CVE-2023-5540 was published for moodle/moodle (Composer) Nov 9, 2023
Pimcore SQL Injection in Admin Grid Filter API through Multiselect::getFilterConditionExt() High
CVE-2023-47637 was published for pimcore/pimcore (Composer) Nov 15, 2023
thestr4ng3r
acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation High
CVE-2020-13700 was published for airesvsg/acf-to-rest-api (Composer) May 24, 2022
MarkLee131
Guest Entries Remote code execution via file uploads High
CVE-2023-47621 was published for doublethreedigital/guest-entries (Composer) Nov 14, 2023
yiisoft/yii deserializing untrusted user input can lead to remote code execution High
CVE-2023-47130 was published for yiisoft/yii (Composer) Nov 14, 2023
ma4ter222
Subrion remote command execution vulnerability High
CVE-2023-46947 was published for intelliants/subrion (Composer) Nov 3, 2023
Statamic CMS remote code execution via front-end form uploads High
CVE-2023-47129 was published for statamic/cms (Composer) Nov 12, 2023
Cyber-Wo0dy
ProTip! Advisories are also available from the GraphQL API