Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,736
Maven
5,000+
npm
4,336
NuGet
764
pip
4,110
Pub
12
RubyGems
960
Rust
1,068
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,346 advisories

Loading
code injection in phpxmlrpc/phpxmlrpc High
GHSA-3fgr-xjr6-xqm8 was published for phpxmlrpc/phpxmlrpc (Composer) Nov 28, 2022
tdunlap607
Credited to tdunlap607
Withdrawn Advisory: Magento 2 Community Edition RCE Vulnerability High
CVE-2019-8229 was published for magento/community-edition (Composer) May 24, 2022 withdrawn
mPDF Unsafe Deserialization High
CVE-2019-1000005 was published for mpdf/mpdf (Composer) May 14, 2022
Subrion CMS CSRF Vulnerability High
CVE-2019-7357 was published for intelliants/subrion (Composer) May 24, 2022
Dolibarr ERP and CRM SQLi High
CVE-2019-19209 was published for dolibarr/dolibarr (Composer) May 24, 2022
Pagekit File Upload vulnerability High
CVE-2019-19013 was published for pagekit/pagekit (Composer) May 24, 2022
Pimcore Discloses Usernames In Use High
CVE-2019-18986 was published for pimcore/pimcore (Composer) May 24, 2022
url_redirect for Typo3 SQLi Vulnerability High
CVE-2019-16682 was published for sfroemken/url_redirect (Composer) May 24, 2022
Centreon Does Not Set HTTPOnly Flag High
CVE-2019-17104 was published for centreon/centreon (Composer) May 24, 2022
Subrion CMS CSRF Vulnerability High
CVE-2017-15063 was published for intelliants/subrion (Composer) May 14, 2022
Unrestricted Upload of File with Dangerous Type in Croogo High
CVE-2021-44673 was published for croogo/croogo (Composer) Mar 11, 2022
Deserialization of Untrusted Data in librenms/librenms High
CVE-2022-3525 was published for librenms/librenms (Composer) Nov 20, 2022
Dolibarr ERP and CRM Sensitive Data Disclosure High
CVE-2017-14240 was published for dolibarr/dolibarr (Composer) May 17, 2022
Server-Side Request Forgery in snipe/snipe-it High
CVE-2021-4075 was published for snipe/snipe-it (Composer) Dec 10, 2021
Centreon SQL Injection High
CVE-2018-19312 was published for centreon/centreon (Composer) May 14, 2022
Centreon SQL Injection High
CVE-2018-19271 was published for centreon/centreon (Composer) May 14, 2022
PocketMine-MP server crash due to incorrect EC curve used for LoginPacket identityPublicKey High
GHSA-79rc-jjh6-rc89 was published for pocketmine/pocketmine-mp (Composer) Sep 14, 2023
dktapps
Credited to dktapps
DataTable Vulnerable to Cross-Site Scripting High
CVE-2015-6584 was published for datatables (Composer) Aug 31, 2020
phpMyAdmin DoS Vulnerability High
CVE-2017-1000018 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
Cross Site Request Forgery in Moodle High
CVE-2022-0335 was published for moodle/moodle (Composer) Jan 28, 2022
phpMyAdmin DoS Vulnerability High
CVE-2017-1000014 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
phpMyAdmin CSRF Vulnerability High
CVE-2017-1000499 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
Path traversal in pimcore/pimcore High
CVE-2021-23340 was published for pimcore/pimcore (Composer) Feb 25, 2021
Privilage Escalation in moodle High
CVE-2020-25699 was published for moodle/moodle (Composer) Mar 29, 2021
Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID High
CVE-2018-10189 was published for mautic/core (Composer) Jan 19, 2021
micschk
Credited to micschk
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database