GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,290 advisories

Moodle vulnerable to PHP object injection attacks High
CVE-2014-3541 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle Cross-site request forgery (CSRF) vulnerability High
CVE-2016-3734 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Moodle cross-site request forgery (CSRF) vulnerability High
CVE-2016-2157 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Statamic framework Incorrect Permission Assignment High
CVE-2017-11422 was published for statamic/cms (Composer) May 13, 2022
Bolt Unrestricted Upload of File with Dangerous Type High
CVE-2019-9185 was published for bolt/bolt (Composer) May 13, 2022
Bolt Cross Site Request Forgery (CSRF) High
CVE-2019-10874 was published for bolt/bolt (Composer) May 13, 2022
Pagekit Weak Password Recovery Mechanism for Forgotten Password High
CVE-2017-5594 was published for pagekit/pagekit (Composer) May 13, 2022
OXID eShop user impersonation vulnerability High
CVE-2015-6926 was published for oxid-esales/oxideshop-ce (Composer) May 13, 2022
Mautic Cross-Site Request Forgery (CSRF) High
CVE-2017-8874 was published for mautic/core (Composer) May 13, 2022
Luracast Restler directory traversal vulnerability High
CVE-2017-15363 was published for aoe/restler (Composer) May 13, 2022
Subrion CMS RCE Vulnerability High
CVE-2018-19422 was published for intelliants/subrion (Composer) May 13, 2022
protobuf susceptible to buffer overflow High
CVE-2015-5237 was published for Google.Protobuf (Composer) May 13, 2022
elFinder Server Side Request Forgery (SSRF) High
CVE-2019-6257 was published for studio-42/elfinder (Composer) May 13, 2022
Smarty Path Traversal Vulnerability High
CVE-2018-13982 was published for smarty/smarty (Composer) May 13, 2022
phpMyAdmin Improper Authentication High
CVE-2018-12613 was published for phpmyadmin/phpmyadmin (Composer) May 13, 2022
Wizkunde SAMLBase SAML Bypass High
CVE-2018-5387 was published for gogentooss/samlbase (Composer) May 13, 2022
Privilege escalation in easyappointments High
CVE-2022-1397 was published for alextselegidis/easyappointments (Composer) May 11, 2022
Incorrect Authorization in microweber High
CVE-2022-1631 was published for microweber/microweber (Composer) May 10, 2022
Improper account password reset in Craft CMS High
CVE-2022-29933 was published for craftcms/cms (Composer) May 10, 2022
Symfony collectionCascaded and collectionCascadedDeeply fields security bypass High
CVE-2013-4751 was published for symfony/symfony (Composer) May 5, 2022
Improper neutralization of formula elements in yii-helpers High
CVE-2022-1544 was published for luyadev/yii-helpers (Composer) May 3, 2022
snipe-IT vulnerable to host header injection High
CVE-2022-23064 was published for snipe/snipe-it (Composer) May 3, 2022
TYPO3 PHP remote file inclusion vulnerability High
CVE-2010-1153 was published for typo3/cms (Composer) May 2, 2022
TYPO3 Authentication Bypass via Salted user password hashes extension High
CVE-2010-1022 was published for typo3/cms-saltedpasswords (Composer) May 2, 2022 withdrawn
TYPO3 powermail Extension Vulnerable to SQL Injection via Unspecified Vectors High
CVE-2010-0329 was published for in2code/powermail (Composer) May 2, 2022