GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,290 advisories

Flarum mishandles invalidation of user email tokens High
CVE-2019-11514 was published for flarum/flarum (Composer) May 24, 2022
Cross site scripting via canonical tag in Contao High
CVE-2022-24899 was published for contao/contao (Composer) May 20, 2022
Arbitrary file upload in ShopXO High
CVE-2021-41938 was published for shopxo/shopxo (Composer) May 20, 2022
jQuery File Upload Plugin Unrestricted file upload vulnerability High
CVE-2014-8739 was published for blueimp/jquery-file-upload (Composer) May 17, 2022
DOMPDF Remote Code Execution High
CVE-2014-5013 was published for dompdf/dompdf (Composer) May 17, 2022
phpBB vulnerable to sensitive information disclosure High
CVE-2008-6507 was published for phpbb/phpbb (Composer) May 17, 2022
Rudloff
phpBB vulnerability related to use of "forum id" in circumstances related to a "global announcement." High
CVE-2010-1630 was published for phpbb/phpbb (Composer) May 17, 2022
Rudloff
phpBB 3.0.7 allows remote attackers to bypass intended access restrictions High
CVE-2010-1627 was published for phpbb/phpbb (Composer) May 17, 2022
Rudloff
powermail extension for TYPO3 vulnerable to SQL Injection High
CVE-2010-3604 was published for in2code/powermail (Composer) May 17, 2022
CakePHP allows remote attackers to modify internal Cake cache and execute arbitrary code High
CVE-2010-4335 was published for cakephp/cakephp (Composer) May 17, 2022
ravage84
phpMyAdmin allows remote attackers to bypass authentication and obtain sensitive information High
CVE-2010-4481 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
phpMyAdmin unsafely handles temporary files High
CVE-2008-7252 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
DOMPDF Remote File Inclusion Vulnerability High
CVE-2010-4879 was published for dompdf/dompdf (Composer) May 17, 2022
TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism High
CVE-2010-3714 was published for typo3/cms (Composer) May 17, 2022
ImpressPages CMS eval injection vulnerability High
CVE-2011-4932 was published for impresspages/impresspages (Composer) May 17, 2022
TYPO3 SQL injection vulnerability in the Extbase Framework High
CVE-2013-1842 was published for typo3/cms-core (Composer) May 17, 2022
CakePHP allows remote attackers to read arbitrary files via XML data containing external entity references High
CVE-2012-4399 was published for cakephp/cakephp (Composer) May 17, 2022
ravage84
EGroupware Code Injection vulnerability High
CVE-2010-3313 was published for egroupware/egroupware (Composer) May 17, 2022
Multishop extension for TYPO3 has SQL Injection vulnerability High
CVE-2013-4682 was published for bvbmedia/multishop (Composer) May 17, 2022
phpMyAdmin Remote Code Execution High
CVE-2013-3239 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Zend Framework XXE Vulnerability High
CVE-2012-3363 was published for zendframework/zendframework1 (Composer) May 17, 2022
Drupal has open redirect vulnerability in the Overlay module High
CVE-2013-6389 was published for drupal/drupal (Composer) May 17, 2022
Rudloff
Pimcore Vulnerable to PHP Object Injection Attacks High
CVE-2014-2921 was published for pimcore/pimcore (Composer) May 17, 2022
TYPO3 vulnerable to remote authenticated arbitrary code execution High
CVE-2013-4321 was published for typo3/cms (Composer) May 17, 2022
TYPO3 doesn't properly check file extensions High
CVE-2013-4250 was published for typo3/cms (Composer) May 17, 2022