GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,290 advisories

livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) High
CVE-2021-4131 was published for remdex/livehelperchat (Composer) Jan 5, 2022
OS Command Injection in Laravel Framework High
CVE-2020-19316 was published for laravel/framework (Composer) Jan 6, 2022
phpMyFAQ vulnerable to Cross-site Scripting High
CVE-2022-3608 was published for phpmyfaq/phpmyfaq (Composer) Oct 19, 2022
RosarioSIS before 10.1 vulnerable to Improper Handling of Length Parameter Inconsistency High
CVE-2022-2714 was published for francoisjacquet/rosariosis (Composer) Sep 7, 2022
Thinkphp has a code logic error High
CVE-2022-44289 was published for topthink/framework (Composer) Dec 6, 2022
Improper input validation in Drupal core High
CVE-2022-25271 was published for drupal/core (Composer) Feb 18, 2022
Microweber vulnerable to unrestricted malicious uploads High
CVE-2022-4732 was published for microweber/microweber (Composer) Dec 27, 2022
Cross-site Scripting in librenms/librenms High
CVE-2022-4068 was published for librenms/librenms (Composer) Nov 20, 2022
PHP file inclusion in the Sulu admin panel High
CVE-2021-43836 was published for sulu/sulu (Composer) Dec 15, 2021
Privilege escalation in the Sulu Admin panel High
CVE-2021-43835 was published for sulu/sulu (Composer) Dec 15, 2021
SQL injection in prestashop/prestashop High
CVE-2021-43789 was published for prestashop/prestashop (Composer) Dec 7, 2021
PierreRambaud
Pterodactyl vulnerable to 2FA Sniffing High
CVE-2019-1020002 was published for pterodactyl/panel (Composer) May 24, 2022
ygmpxwn
SQL injection in jackalope/jackalope-doctrine-dbal High
CVE-2021-43822 was published for jackalope/jackalope-doctrine-dbal (Composer) Dec 14, 2021
alexander-schranz
showdoc is vulnerable to Cross-Site Request Forgery (CSRF) High
CVE-2021-4017 was published for showdoc/showdoc (Composer) Dec 3, 2021
Information exposure in elgg High
CVE-2021-3980 was published for elgg/elgg (Composer) Dec 16, 2021
kimai2 is vulnerable to Cross-site Scripting High
CVE-2021-3985 was published for kevinpapst/kimai2 (Composer) Dec 3, 2021
Path traversal in grav High
CVE-2021-3924 was published for getgrav/grav (Composer) Nov 10, 2021
Potential Zip Slip Vulnerability in baserCMS High
CVE-2021-41279 was published for baserproject/basercms (Composer) Dec 1, 2021
Origin Validation Error in Magento 2 High
CVE-2020-8818 was published for cardgate/magento2 (Composer) Oct 12, 2021
Unrestricted access to predictable file paths in hov/jobfair High
CVE-2021-43564 was published for hov/jobfair (Composer) Nov 15, 2021
Use of Insufficiently Random Values in yiisoft/yii2-dev High
CVE-2021-3689 was published for yiisoft/yii2-dev (Composer) Sep 1, 2021
Malicious password-reset in Akaunting High
CVE-2021-36804 was published for akaunting/akaunting (Composer) Sep 1, 2021
Unauthenticated SQL Injection in Cachet High
CVE-2021-39165 was published for cachethq/cachet (Composer) Aug 30, 2021
phith0n
Cross-site scripting vulnerability in file upload High
CVE-2021-39136 was published for baserproject/basercms (Composer) Aug 30, 2021
Server-Side Request Forgery vulnerability in concrete5 High
CVE-2021-22958 was published for concrete5/concrete5 (Composer) Oct 12, 2021