GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,291 advisories

Possible SQL injection in tablelookupwizard Contao Extension High
GHSA-v3mr-gp7j-pw5w was published for terminal42/contao-tablelookupwizard (Composer) Feb 10, 2022
Zip slip in Microweber High
CVE-2020-28337 was published for microweber/microweber (Composer) Feb 10, 2022
Code injection in Twig High
CVE-2022-23614 was published for twig/twig (Composer) Feb 10, 2022
CSRF token missing in Symfony High
CVE-2022-23601 was published for symfony/framework-bundle (Composer) Feb 1, 2022
jderusse nexxome
ovrflo
Cross Site Request Forgery in Moodle High
CVE-2022-0335 was published for moodle/moodle (Composer) Jan 28, 2022
Cross-Site Request Forgery in yetiforce High
CVE-2022-0269 was published for yetiforce/yetiforce-crm (Composer) Jan 27, 2022
Mustache remote code injection vulnerability High
CVE-2022-0323 was published for mustache/mustache (Composer) Jan 27, 2022
Withdrawn Advisory: NULL Pointer Dereference in Protocol Buffers High
CVE-2021-22570 was published for Google.Protobuf (Composer) Jan 27, 2022 withdrawn
joshbressers
SQL Injection in dolibarr High
CVE-2022-0224 was published for dolibarr/dolibarr (Composer) Jan 21, 2022
crater is vulnerable to Unrestricted Upload of File with Dangerous Type High
CVE-2021-4080 was published for bytefury/crater (Composer) Jan 21, 2022
Unrestricted Upload of File with Dangerous Type in Crater High
CVE-2022-0242 was published for bytefury/crater (Composer) Jan 21, 2022
pimcore is vulnerable to SQL Injection High
CVE-2022-0258 was published for pimcore/pimcore (Composer) Jan 21, 2022
Unrestricted Upload of File with Dangerous Type in pimcore High
CVE-2022-0263 was published for pimcore/pimcore (Composer) Jan 21, 2022
Cross-site Scripting in HTML2PDF High
CVE-2021-45394 was published for spipu/html2pdf (Composer) Jan 21, 2022
IBX-1392: Image filenames sanitization High
GHSA-44m4-9cjp-j587 was published for ezsystems/ezpublish-kernel (Composer) Jan 21, 2022
Unhandled exception when decoding form response JSON High
GHSA-wjfq-88q2-r34j was published for pocketmine/pocketmine-mp (Composer) Jan 21, 2022
Exposure of Sensitive Information to an Unauthorized Actor in microweber High
CVE-2022-0281 was published for microweber/microweber (Composer) Jan 21, 2022
Code Injection in microweber High
CVE-2022-0282 was published for microweber/microweber (Composer) Jan 21, 2022
october/system arbitrary code execution High
CVE-2021-32650 was published for october/system (Composer) Jan 14, 2022
sushiwushi
October/System authenticated file write leads to remote code execution High
CVE-2021-32649 was published for october/system (Composer) Jan 14, 2022
cydave
Unchecked validity of Facing values in PlayerActionPacket High
GHSA-xh99-hw7h-wf63 was published for pocketmine/pocketmine-mp (Composer) Jan 13, 2022
Access to restricted PHP code by dynamic static class access in smarty High
CVE-2021-21408 was published for smarty/smarty (Composer) Jan 12, 2022
Sandbox Escape by math function in smarty High
CVE-2021-29454 was published for smarty/smarty (Composer) Jan 12, 2022
Weak Password Requirements in Daybyday CRM High
CVE-2022-22110 was published for bottelet/flarepoint (Composer) Jan 8, 2022
Missing Authorization in DayByDay CRM High
CVE-2022-22111 was published for bottelet/flarepoint (Composer) Jan 8, 2022