Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,856
Erlang
36
GitHub Actions
36
Go
2,489
Maven
5,000+
npm
4,106
NuGet
735
pip
3,928
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,288 advisories

Loading
Twig may load a template outside a configured directory when using the filesystem loader High
CVE-2022-39261 was published for twig/twig (Composer) Sep 30, 2022
PHP Code Injection by malicious block or filename in Smarty High
CVE-2022-29221 was published for smarty/smarty (Composer) May 25, 2022
altm4n
Command injection in czproject/git-php High
CVE-2022-25866 was published for czproject/git-php (Composer) Apr 26, 2022
exceedone/exment and exceedone/laravel-admin SQL Injection vulnerability High
CVE-2022-37333 was published for exceedone/exment (Composer) Aug 25, 2022
PHPMailer susceptible to arbitrary code execution High
CVE-2008-5619 was published for phpmailer/phpmailer (Composer) May 14, 2022
jhutchings1
Server-Side Request Forgery (SSRF) in Shopware High
CVE-2022-24871 was published for shopware/core (Composer) Apr 22, 2022
shyim
SQL injection in helloxz/imgurl High
CVE-2022-29305 was published for helloxz/imgurl (Composer) May 25, 2022
Arbitrary file upload in ShopXO High
CVE-2021-41938 was published for shopxo/shopxo (Composer) May 20, 2022
Improper Privilege Management in Concrete CMS High
CVE-2021-22966 was published for concrete5/core (Composer) Nov 23, 2021
SQL Injection found in Pimcore High
CVE-2022-1429 was published for pimcore/pimcore (Composer) Apr 23, 2022
Improper Access Control in Shopware High
CVE-2022-24872 was published for shopware/core (Composer) Apr 22, 2022
NilsEvers
Persistent Cross-site Scripting vulnerability in PrivateBin High
CVE-2022-24833 was published for privatebin/privatebin (Composer) Apr 12, 2022
Code Injection in Bolt CMS High
CVE-2021-40219 was published for bolt/core (Composer) Apr 12, 2022
SQL Injection in Pimcore High
CVE-2022-1339 was published for pimcore/pimcore (Composer) Apr 14, 2022
Improper Neutralization of Formula Elements in a CSV File in Kimai 2 High
CVE-2021-43515 was published for kevinpapst/kimai2 (Composer) Apr 9, 2022
Deleted Admin Can Sign In to Admin Interface High
CVE-2021-41126 was published for october/october (Composer) Oct 6, 2021
Weak password hash in LiveHelperChat High
CVE-2022-1235 was published for remdex/livehelperchat (Composer) Apr 6, 2022
SQL Injection in Pimcore High
CVE-2022-1219 was published for pimcore/pimcore (Composer) Apr 9, 2022
Cross-site Scripting in TastyIgniter High
CVE-2022-0602 was published for tastyigniter/tastyigniter (Composer) Apr 6, 2022
Remote code execution in Subrion High
CVE-2021-43464 was published for intelliants/subrion (Composer) Apr 5, 2022
Server side request forgery in LiveHelperChat High
CVE-2022-1213 was published for remdex/livehelperchat (Composer) Apr 6, 2022
Files or Directories Accessible to External Parties in Adminer High
CVE-2021-43008 was published for vrana/adminer (Composer) Apr 6, 2022
Unrestricted Upload of File with Dangerous Type in WPanel 4 High
CVE-2021-34257 was published for wpanel/wpanel4-cms (Composer) Apr 1, 2022
Type Confusion in LiveHelperChat High
CVE-2022-1176 was published for remdex/livehelperchat (Composer) Apr 1, 2022
Access Control vulnerability in Dolibarr High
CVE-2021-37517 was published for dolibarr/dolibarr (Composer) Apr 1, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database