GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,698
Maven: 5,000+
npm: 4,325
NuGet: 761
pip: 4,099
Pub: 12
RubyGems: 958
Rust: 1,063
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
1,342 advisories
Moodle Unrestricted file upload vulnerability [High]
CVE-2016-9187 was published for moodle/moodle (Composer) on May 17, 2022

Slim vulnerable to PHP object injection [High]
CVE-2015-2171 was published for slim/slim (Composer) on May 17, 2022

phpMyAdmin allows remote attackers to spoof content via the url parameter [High]
CVE-2015-7873 was published for phpmyadmin/phpmyadmin (Composer) on May 17, 2022

Symfony Vulnerable to Timing Attack [High]
CVE-2015-8125 was published for symfony/form (Composer) on May 17, 2022

getID3 is vulnerable to XML External Entity (XXE) [High]
CVE-2014-2053 was published for james-heinrich/getid3 (Composer) on May 17, 2022

Extbase for TYPO3 allows RCE [High]
CVE-2016-5091 was published for typo3/cms-extbase (Composer) on May 17, 2022

GeniXCMS SQL injection vulnerability [High]
CVE-2016-10096 was published for genix/cms (Composer) on May 17, 2022

baserCMS Cross Site Request Forgery vulnerability [High]
CVE-2016-4878 was published for baserproject/basercms (Composer) on May 17, 2022

CSRF in baserCMS 3.0.10 and earlier [High]
CVE-2016-4881 was published for baserproject/basercms (Composer) on May 17, 2022

MODX Revolution allows overwriting .htaccess [High]
CVE-2017-9069 was published for modx/revolution (Composer) on May 17, 2022

MODX Revolution Directory Traversal Vulnerability [High]
CVE-2017-9067 was published for modx/revolution (Composer) on May 17, 2022

Zend Framework CSRF Vulnerability [High]
CVE-2015-1786 was published for zendframework/zendframework (Composer) on May 17, 2022

Dolibarr ERP and CRM Unsafe File Upload Vulnerability [High]
CVE-2017-9840 was published for dolibarr/dolibarr (Composer) on May 17, 2022

phpMyAdmin Remote code execution vulnerability when PHP is running with dbase extension [High]
CVE-2016-6633 was published for phpmyadmin/phpmyadmin (Composer) on May 17, 2022

phpMyAdmin Bypass white-list protection for URL redirection [High]
CVE-2016-9861 was published for phpmyadmin/phpmyadmin (Composer) on May 17, 2022

phpMyAdmin DoS Vulnerability [High]
CVE-2016-9863 was published for phpmyadmin/phpmyadmin (Composer) on May 17, 2022

Drupal Cross-Site Request Forgery (CSRF) [High]
CVE-2017-6379 was published for drupal/core (Composer) on May 17, 2022

MODX Revolution blind SQL injection [High]
CVE-2017-1000067 was published for modx/revolution (Composer) on May 17, 2022

phpMyAdmin Cookie attribute injection attack [High]
CVE-2017-1000016 was published for phpmyadmin/phpmyadmin (Composer) on May 17, 2022

Authenticated RCE in Zen Cart 1.5.5e [High]
CVE-2017-11675 was published for zencart/zencart (Composer) on May 17, 2022

Drupal Node Validation Bypass in the node module API [High]
CVE-2008-4793 was published for drupal/drupal (Composer) on May 17, 2022

ViMbAdmin CSRF Vulnerabilities [High]
CVE-2017-6086 was published for opensolutions/vimbadmin (Composer) on May 17, 2022

Webkit PDFs for TYPO3 has SQL Injection vulnerability [High]
CVE-2010-4961 was published for dmk/webkitpdf (Composer) on May 17, 2022

Webkit PDFs for TYPO3 allows remote attackers to execute arbitrary commands [High]
CVE-2010-4962 was published for dmk/webkitpdf (Composer) on May 17, 2022

ProTip! Advisories are also available from the GraphQL API.