GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,866
Erlang
36
GitHub Actions
36
Go
2,491
Maven
5,000+
npm
4,110
NuGet
735
pip
3,933
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+
1,290 advisories
Filter by severity
TYPO3 Reveals Sensitive Information via Direct Request to `misc/phpcheck/`
High
CVE-2005-4875
was published
for
typo3/cms
(Composer)
May 1, 2022
Browsershot Server-Side Request Forgery (SSRF) via setURL() Function
High
CVE-2025-3192
was published
for
spatie/browsershot
(Composer)
Apr 4, 2025
Shopware allows Denial Of Service via password length
High
CVE-2025-30151
was published
for
shopware/core
(Composer)
Apr 8, 2025
Joomla CMS Multi-Factor Authentication Bypass
High
CVE-2025-25227
was published
for
joomla/joomla-cms
(Composer)
Apr 8, 2025
AdaptCMS SQL Injection vulnerability
High
CVE-2008-4524
was published
for
adaptcms/adaptcms
(Composer)
May 2, 2022
Frontend User Registration extension for TYPO3 does not properly verify access rights
High
CVE-2009-1264
was published
for
sjbr/sr-feuser-register
(Composer)
May 2, 2022
TYPO3 powermail Extension Vulnerable to SQL Injection via Unspecified Vectors
High
CVE-2010-0329
was published
for
in2code/powermail
(Composer)
May 2, 2022
ezsystems/ezplatform-richtext allows access to external entities in XML
High
GHSA-2jqj-5qv2-xvcg
was published
for
ezsystems/ezplatform-richtext
(Composer)
Apr 10, 2025
ibexa/fieldtype-richtext allows access to external entities in XML
High
GHSA-cj3w-g42v-wcj6
was published
for
ibexa/fieldtype-richtext
(Composer)
Apr 10, 2025
TYPO3 PHP remote file inclusion vulnerability
High
CVE-2010-1153
was published
for
typo3/cms
(Composer)
May 2, 2022
Accessibility Glossary (a21glossary) SQL injection vulnerability
High
CVE-2009-4803
was published
for
svewap/a21glossary
(Composer)
May 2, 2022
Moodle vulnerable to SQL injection
High
CVE-2010-1615
was published
for
moodle/moodle
(Composer)
May 13, 2022
EGroupware Code Injection vulnerability
High
CVE-2010-3313
was published
for
egroupware/egroupware
(Composer)
May 17, 2022
powermail extension for TYPO3 vulnerable to SQL Injection
High
CVE-2010-3604
was published
for
in2code/powermail
(Composer)
May 17, 2022
phpMyAdmin allows remote attackers to bypass authentication and obtain sensitive information
High
CVE-2010-4481
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 17, 2022
phpMyAdmin Directory Traversal vulnerability
High
CVE-2011-2508
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 14, 2022
Webkit PDFs for TYPO3 has SQL Injection vulnerability
High
CVE-2010-4961
was published
for
dmk/webkitpdf
(Composer)
May 17, 2022
Webkit PDFs for TYPO3 allows remote attackers to execute arbitrary commands
High
CVE-2010-4962
was published
for
dmk/webkitpdf
(Composer)
May 17, 2022
ImpressPages CMS eval injection vulnerability
High
CVE-2011-4932
was published
for
impresspages/impresspages
(Composer)
May 17, 2022
Multishop extension for TYPO3 has SQL Injection vulnerability
High
CVE-2013-4682
was published
for
bvbmedia/multishop
(Composer)
May 17, 2022
News system (news) extension for TYPO3 vulnerable to SQL Injection
High
CVE-2013-4748
was published
for
georgringer/news
(Composer)
May 17, 2022
CoolURI extension for TYPO3 vulnerable to SQL Injection
High
CVE-2013-5322
was published
for
bednee/cooluri
(Composer)
May 17, 2022
Pimcore Vulnerable to PHP Object Injection Attacks
High
CVE-2014-2921
was published
for
pimcore/pimcore
(Composer)
May 17, 2022
TYPO3 doesn't properly check file extensions
High
CVE-2013-4250
was published
for
typo3/cms
(Composer)
May 17, 2022
TYPO3 vulnerable to remote authenticated arbitrary code execution
High
CVE-2013-4321
was published
for
typo3/cms
(Composer)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API