Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,866
Erlang
36
GitHub Actions
36
Go
2,491
Maven
5,000+
npm
4,110
NuGet
735
pip
3,933
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,290 advisories

Loading
Privilege escalation in easyappointments High
CVE-2022-1397 was published for alextselegidis/easyappointments (Composer) May 11, 2022
Improper account password reset in Craft CMS High
CVE-2022-29933 was published for craftcms/cms (Composer) May 10, 2022
CodeIgniter4 allows spoofing of IP address when using proxy High
CVE-2022-23556 was published for codeigniter4/framework (Composer) Dec 22, 2022
Improper neutralization of formula elements in yii-helpers High
CVE-2022-1544 was published for luyadev/yii-helpers (Composer) May 3, 2022
snipe-IT vulnerable to host header injection High
CVE-2022-23064 was published for snipe/snipe-it (Composer) May 3, 2022
ezplatform-graphql GraphQL queries can expose password hashes High
CVE-2022-41876 was published for ezsystems/ezplatform-graphql (Composer) Nov 10, 2022
tranca
BlockWishList SQL Injection vulnerability High
CVE-2022-31101 was published for prestashop/blockwishlist (Composer) Jun 25, 2022
haidv35
TYPO3 CMS vulnerable to Arbitrary Code Execution via Form Framework High
CVE-2022-23503 was published for typo3/cms (Composer) Dec 13, 2022
CakePHP allows method override parameters to bypass CSRF checks High
CVE-2020-35239 was published for cakephp/cakephp (Composer) May 24, 2022
ravage84
CakePHP allows remote attackers to modify internal Cake cache and execute arbitrary code High
CVE-2010-4335 was published for cakephp/cakephp (Composer) May 17, 2022
ravage84
CakePHP might allow remote attackers to bypass CSRF protection mechanism via the _method parameter High
CVE-2015-8379 was published for cakephp/cakephp (Composer) May 14, 2022
ravage84
Prototype pollution in Snowboard framework High
CVE-2022-39357 was published for wintercms/winter (Composer) Oct 27, 2022
october/system arbitrary code execution High
CVE-2021-32650 was published for october/system (Composer) Jan 14, 2022
sushiwushi
October/System authenticated file write leads to remote code execution High
CVE-2021-32649 was published for october/system (Composer) Jan 14, 2022
cydave
YetiForceCRM is vulnerable to Business Logic Errors because product amount can be a negative number High
CVE-2021-4111 was published for yetiforce/yetiforce-crm (Composer) Dec 16, 2021
Malfunction of CSRF token validation in Shopware High
CVE-2022-24879 was published for shopware/shopware (Composer) Apr 28, 2022
Command injection in mail agent settings High
CVE-2021-37708 was published for shopware/core (Composer) Aug 30, 2021
Exposure of Sensitive Information to an Unauthorized Actor High
CVE-2021-32717 was published for shopware/platform (Composer) Sep 8, 2021
CodeIgniter4 Potential Session Handlers Vulnerability High
CVE-2022-46170 was published for codeigniter4/framework (Composer) Dec 22, 2022
srtnlgn
Centreon SQL Injection vulnerability via esc_name parameter High
CVE-2022-40043 was published for centreon/centreon (Composer) Sep 27, 2022
Dolibarr vulnerable to Improper Authentication and Improper Access Control High
CVE-2021-25956 was published for dolibarr/dolibarr (Composer) Sep 2, 2021
elFinder unsafe upload filtering leading to remote code execution High
CVE-2021-23394 was published for studio-42/elfinder (Composer) Jun 15, 2021
assaf-benjosef thomas-chauchefoin-sonarsource
October CMS Safe Mode bypass leads to authenticated Remote Code Execution High
CVE-2022-35944 was published for october/system (Composer) Oct 13, 2022
cydave daftspunk
Grav's Twig processing allowing dangerous PHP functions by default High
CVE-2021-29440 was published for getgrav/grav (Composer) Apr 16, 2021
thomas-chauchefoin-sonarsource
Concrete CMS vulnerable to Cross-site Request Forgery High
CVE-2022-43693 was published for concrete5/concrete5 (Composer) Nov 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database