GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,342 advisories
TYPO3 vulnerable to remote authenticated arbitrary code execution
High | CVE-2013-4321 was published for typo3/cms (Composer) | May 17, 2022

TYPO3 doesn't properly check file extensions
High | CVE-2013-4250 was published for typo3/cms (Composer) | May 17, 2022

GeSHi vulnerable to Directory Traversal
High | CVE-2012-3521 was published for geshi/geshi (Composer) | May 17, 2022

Yii PHP Framework arbitrary PHP scripts execution
High | CVE-2014-4672 was published for yiisoft/yii (Composer) | May 17, 2022

yag and pt_extbase extensions for TYPO3 allow remote attackers to bypass access restrictions
High | CVE-2014-6289 was published for dl/yag (Composer) | May 17, 2022

WEC Map (wec_map) extension for TYPO3 allows SQL Injection
High | CVE-2014-6295 was published for jbartels/wec-map (Composer) | May 17, 2022

TYPO3 powermail extension has unrestricted file upload vulnerability
High | CVE-2014-3947 was published for in2code/powermail (Composer) | May 17, 2022

Typo3 Vulnerable to Cache Poisoning
High | CVE-2014-9509 was published for typo3/cms (Composer) | May 17, 2022

Drupal Access Control Bypass
High | CVE-2011-2687 was published for drupal/core (Composer) | May 17, 2022

Joomla! Framework Remote Code Injection Vulnerability
High | CVE-2015-8566 was published for joomla/session (Composer) | May 17, 2022

Drupal Form API ignores access restrictions on submit buttons
High | CVE-2016-3165 was published for drupal/core (Composer) | May 17, 2022

Drupal saving user accounts can sometimes grant the user all roles
High | CVE-2016-3169 was published for drupal/core (Composer) | May 17, 2022

Drupal Brute force amplification attacks via XML-RPC
High | CVE-2016-3163 was published for drupal/core (Composer) | May 17, 2022

Drupal Open redirect vulnerability in the drupal_goto function
High | CVE-2016-3167 was published for drupal/core (Composer) | May 17, 2022

Drupal File upload access bypass and denial of service
High | CVE-2016-3162 was published for drupal/core (Composer) | May 17, 2022

Drupal arbitrary code execution
High | CVE-2016-3171 was published for drupal/core (Composer) | May 17, 2022

Symfony Cryptographic Vulnerability
High | CVE-2016-1902 was published for symfony/security (Composer) | May 17, 2022

Symfony Denial of Service Via Overlong Usernames
High | CVE-2016-4423 was published for symfony/security (Composer) | May 17, 2022

PHP OpenID Library Denial of Service vulnerability
High | CVE-2013-4701 was published for openid/php-openid (Composer) | May 17, 2022

Doctrine Security Misconfiguration Vulnerability
High | CVE-2015-5723 was published for aws/aws-sdk-php (Composer) | May 17, 2022

phpMyAdmin Cryptographic Vulnerability
High | CVE-2016-1927 was published for phpmyadmin/phpmyadmin (Composer) | May 17, 2022

Drupal Saving user accounts can sometimes grant the user all roles
High | CVE-2016-6211 was published for drupal/core (Composer) | May 17, 2022

Drupal Incorrect cache context on password reset page
High | CVE-2016-9450 was published for drupal/core (Composer) | May 17, 2022
ProTip! Advisories are also available from the GraphQL API.