GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,343 advisories

CURLOPT_HTTPAUTH option not cleared on change of origin High
CVE-2022-31090 was published for guzzlehttp/guzzle (Composer) Jun 21, 2022
Fix failure to strip Authorization header on HTTP downgrade High
CVE-2022-31043 was published for guzzlehttp/guzzle (Composer) Jun 9, 2022
Credited to GrahamCampbell
Failure to strip the Cookie header on change in host or HTTP downgrade High
CVE-2022-31042 was published for guzzlehttp/guzzle (Composer) Jun 9, 2022
Credited to GrahamCampbell and am0o0
phpMyAdmin CSRF Vulnerability High
CVE-2018-19969 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
October CMS Local File Inclusion High
CVE-2018-1999009 was published for october/october (Composer) May 13, 2022
Cockpit Content Platform vulnerable to 2FA bypass High
CVE-2022-2818 was published for cockpit-hq/cockpit (Composer) Aug 16, 2022
Improper Privilege Management in Snipe-IT High
CVE-2022-0611 was published for snipe/snipe-it (Composer) Feb 17, 2022
Improper Access Control in librenms High
CVE-2022-0580 was published for librenms/librenms (Composer) Feb 16, 2022
Code Injection in microweber High
CVE-2022-0282 was published for microweber/microweber (Composer) Jan 21, 2022
Joomla RCE Vulnerability High
CVE-2018-17856 was published for joomla/framework (Composer) May 13, 2022
Bookstack Cross-site Scripting vulnerability High
CVE-2020-26211 was published for ssddanbrown/bookstack (Composer) May 24, 2022
Fix for arbitrary file deletion in customer media allows for remote code execution High
CVE-2021-41143 was published for openmage/magento-lts (Composer) Jan 27, 2023
Pimcore RCE via PHAR upload High
CVE-2019-16317 was published for pimcore/pimcore (Composer) May 24, 2022
Dolibarr Cross-Site Request Forgery Vulnerability High
CVE-2020-11825 was published for dolibarr/dolibarr (Composer) May 24, 2022
RCE in baserCMS before 4.1.4 High
CVE-2018-18942 was published for baserproject/basercms (Composer) May 13, 2022
PocketMine-MP vulnerable to server crash using badly formatted sign NBT in BlockActorDataPacket High
GHSA-7wrv-6h42-w54f was published for pocketmine/pocketmine-mp (Composer) Jul 14, 2023
Credited to ShockedPlot7560 and dktapps
CardGate Payments plugin for WooCommerce does not validate request origin High
CVE-2020-8819 was published for cardgate/woocommerce (Composer) May 24, 2022
Moodle contains CSRF vulnerability High
CVE-2021-43559 was published for moodle/moodle (Composer) May 24, 2022
SSRF in Kitodo.Presentation High
CVE-2022-24980 was published for kitodo/presentation (Composer) Feb 20, 2022
phpCAS vulnerable to Service Hostname Discovery Exploitation High
CVE-2022-39369 was published for apereo/phpcas (Composer) Nov 1, 2022
Lavalite vulnerable to Arbitrary File Read via Directory Traversal High
CVE-2022-42188 was published for lavalite/cms (Composer) Oct 19, 2022
baserCMS Cross Site Request Forgery vulnerability High
CVE-2016-4878 was published for baserproject/basercms (Composer) May 17, 2022
PEAR core file overwrite vulnerability High
CVE-2017-5630 was published for pear/pear (Composer) May 13, 2022
SQL Injection in Zenario 7.1-7.6 High
CVE-2018-5960 was published for tribalsystems/zenario (Composer) May 13, 2022
CSRF in baserCMS 3.0.10 and earlier High
CVE-2016-4881 was published for baserproject/basercms (Composer) May 17, 2022
ProTip! Advisories are also available from the GraphQL API