GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,343 advisories

Webkit PDFs for TYPO3 allows remote attackers to execute arbitrary commands High
CVE-2010-4962 was published for dmk/webkitpdf (Composer) May 17, 2022
Symfony Vulnerable to PHP Code Injection via YAML Parsing High
CVE-2013-1348 was published for symfony/symfony (Composer) May 17, 2022
Symfony Arbitrary PHP code Execution High
CVE-2013-1397 was published for symfony/symfony (Composer) May 17, 2022
News system (news) extension for TYPO3 vulnerable to SQL Injection High
CVE-2013-4748 was published for georgringer/news (Composer) May 17, 2022
CoolURI extension for TYPO3 vulnerable to SQL Injection High
CVE-2013-5322 was published for bednee/cooluri (Composer) May 17, 2022
Smarty arbitrary PHP code execution High
CVE-2014-8350 was published for smarty/smarty (Composer) May 17, 2022
Dolibarr ERP and CRM Sensitive Data Disclosure High
CVE-2017-14240 was published for dolibarr/dolibarr (Composer) May 17, 2022
GeniXCMS arbitrary PHP code execution High
CVE-2017-14764 was published for genix/cms (Composer) May 17, 2022
Zend Framework Information Disclosure High
CVE-2015-7503 was published for zendframework/zend-crypt (Composer) May 17, 2022
Zeta Components Mail Arbitrary code execution via a crafted email address High
CVE-2017-15806 was published for zetacomponents/mail (Composer) May 17, 2022
TYPO3 Arbitrary Code Execution High
CVE-2017-14251 was published for typo3/cms (Composer) May 17, 2022
CodeIgniter HTTP Header Injection High
CVE-2017-1000247 was published for codeigniter4/framework (Composer) May 17, 2022
TeamPass arbitrary file upload vulnerability High
CVE-2017-15054 was published for nilsteampassnet/teampass (Composer) May 17, 2022
TYPO3 Color Picker Wizard component allows remote authenticated editors to execute arbitrary PHP code High
CVE-2014-3942 was published for typo3/cms (Composer) May 14, 2022
Dolibarr sensitive information disclosure High
CVE-2017-17898 was published for dolibarr/dolibarr (Composer) May 14, 2022
phpBB Server-Side Request Forgery (SSRF) High
CVE-2017-1000419 was published for phpbb/phpbb (Composer) May 14, 2022
XXE Vulnerability in XMLBundle 0.1.7 High
CVE-2017-1000477 was published for desperado/xml-bundle (Composer) May 14, 2022
Yii Framework Cross-Site Request Forgery (CSRF) High
CVE-2018-6009 was published for yiisoft/yii2 (Composer) May 14, 2022
Drupal Comment reply form allows access to restricted content High
CVE-2017-6926 was published for drupal/core (Composer) May 14, 2022
SimpleSAMLphp saml2 incorrect signature validation High
CVE-2018-7711 was published for simplesamlphp/saml2 (Composer) May 14, 2022
QuickAppsCMS Cross-Site Request Forgery (CSRF) High
CVE-2018-9108 was published for quickapps/cms (Composer) May 14, 2022
Dolibarr SQL injection via type parameter in product/stats/card.php High
CVE-2017-9839 was published for dolibarr/dolibarr (Composer) May 14, 2022
Dolibarr SQL injection vulnerability High
CVE-2017-18260 was published for dolibarr/dolibarr (Composer) May 14, 2022
phpMyAdmin CSRF vulnerability allowing arbitrary SQL execution High
CVE-2018-10188 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
Moodle Portfolio script allows instantiation of class chosen by user High
CVE-2018-1137 was published for moodle/moodle (Composer) May 14, 2022
ProTip! Advisories are also available from the GraphQL API