Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,717
Maven
5,000+
npm
4,328
NuGet
761
pip
4,105
Pub
12
RubyGems
958
Rust
1,065
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,343 advisories

Loading
CSRF in baserCMS 3.0.10 and earlier High
CVE-2016-4879 was published for baserproject/basercms (Composer) May 13, 2022
Arbitrary file delete in baserCMS High
CVE-2017-10843 was published for baserproject/basercms (Composer) May 13, 2022
Unauthenticated File Read in PHP Proxy High
CVE-2018-19458 was published for athlon1600/php-proxy-app (Composer) May 14, 2022
baserCMS vulnerable to Access Control Bypass High
CVE-2018-0572 was published for baserproject/basercms (Composer) May 13, 2022
Zen Cart vulnerable to authenticated remote code execution High
CVE-2021-3291 was published for zencart/zencart (Composer) May 24, 2022
Feehi CMS arbitrary file upload vulnerability High
CVE-2020-22643 was published for feehi/cms (Composer) May 24, 2022
Archive_Tar contains Potential RCE if filename starts with phar:// High
CVE-2018-1000888 was published for pear/archive_tar (Composer) Jul 7, 2023
LFI in PHP-Proxy 5.1.0 High
CVE-2018-19246 was published for athlon1600/php-proxy (Composer) May 14, 2022
Zenario CMS vulnerable to CSRF High
CVE-2018-18420 was published for tribalsystems/zenario (Composer) May 14, 2022
Authenticated RCE in Zen Cart 1.5.5e High
CVE-2017-11675 was published for zencart/zencart (Composer) May 17, 2022
Unrestricted File Upload vulnerability in Firefly III High
CVE-2021-3846 was published for grumpydictator/firefly-iii (Composer) May 24, 2022
Code Injection in baserCMS High
CVE-2017-10844 was published for baserproject/basercms (Composer) May 14, 2022
Plaintext Storage of Sensitive Information in Laravel Log Viewer before v0.13.0 High
CVE-2018-8947 was published for rap2hpoutre/laravel-log-viewer (Composer) May 13, 2022
Weak Cryptography in PHP-Proxy High
CVE-2018-19784 was published for athlon1600/php-proxy (Composer) May 13, 2022
XXE Vulnerability in XMLBundle 0.1.7 High
CVE-2017-1000477 was published for desperado/xml-bundle (Composer) May 14, 2022
OS Command Injection in baserCMS High
CVE-2021-20682 was published for baserproject/basercms (Composer) Jun 8, 2021
Deserialization of Untrusted Data in Archive_Tar High
CVE-2020-28948 was published for pear/archive_tar (Composer) Apr 22, 2021
Improper file handling in concrete5/core High
CVE-2021-22968 was published for concrete5/core (Composer) Nov 23, 2021
phpMyFAQ has insecure HTTP cookies High
CVE-2022-4409 was published for thorsten/phpmyfaq (Composer) Dec 11, 2022
elFinder vulnerable to path traversal in LocalVolumeDriver connector High
CVE-2023-35840 was published for studio-42/elfinder (Composer) Jun 14, 2023
sectroyer
Credited to sectroyer
thorsten/phpmyfaq vulnerable to business logic errors High
CVE-2023-1887 was published for thorsten/phpmyfaq (Composer) Apr 5, 2023
G-Rath
Credited to G-Rath
Withdrawn: ConcreteCMS vulnerable to Xpath injection attacks High
CVE-2022-46464 was published for concrete5/concrete5 (Composer) Dec 6, 2022 withdrawn
LisaCISO
Credited to LisaCISO
PocketMine-MP vulnerable to improperly checked dropped item count leading to server crash High
GHSA-h87r-f4vc-mchv was published for pocketmine/pocketmine-mp (Composer) Jun 6, 2023
dktapps
Credited to dktapps
Change in port should be considered a change in origin High
CVE-2022-31091 was published for guzzlehttp/guzzle (Composer) Jun 21, 2022
Cachet vulnerable to new line injection during configuration edition High
CVE-2021-39172 was published for cachethq/cachet (Composer) Aug 30, 2021
thomas-chauchefoin-sonarsource tdunlap607
Credited to thomas-chauchefoin-sonarsource and tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database