Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,866
Erlang
36
GitHub Actions
36
Go
2,491
Maven
5,000+
npm
4,109
NuGet
735
pip
3,933
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,290 advisories

Loading
phpMyAdmin allows remote attackers to bypass authentication and obtain sensitive information High
CVE-2010-4481 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
powermail extension for TYPO3 vulnerable to SQL Injection High
CVE-2010-3604 was published for in2code/powermail (Composer) May 17, 2022
EGroupware Code Injection vulnerability High
CVE-2010-3313 was published for egroupware/egroupware (Composer) May 17, 2022
Moodle vulnerable to SQL injection High
CVE-2010-1615 was published for moodle/moodle (Composer) May 13, 2022
Accessibility Glossary (a21glossary) SQL injection vulnerability High
CVE-2009-4803 was published for svewap/a21glossary (Composer) May 2, 2022
TYPO3 PHP remote file inclusion vulnerability High
CVE-2010-1153 was published for typo3/cms (Composer) May 2, 2022
ibexa/fieldtype-richtext allows access to external entities in XML High
GHSA-cj3w-g42v-wcj6 was published for ibexa/fieldtype-richtext (Composer) Apr 10, 2025
ezsystems/ezplatform-richtext allows access to external entities in XML High
GHSA-2jqj-5qv2-xvcg was published for ezsystems/ezplatform-richtext (Composer) Apr 10, 2025
TYPO3 powermail Extension Vulnerable to SQL Injection via Unspecified Vectors High
CVE-2010-0329 was published for in2code/powermail (Composer) May 2, 2022
Frontend User Registration extension for TYPO3 does not properly verify access rights High
CVE-2009-1264 was published for sjbr/sr-feuser-register (Composer) May 2, 2022
AdaptCMS SQL Injection vulnerability High
CVE-2008-4524 was published for adaptcms/adaptcms (Composer) May 2, 2022
Joomla CMS Multi-Factor Authentication Bypass High
CVE-2025-25227 was published for joomla/joomla-cms (Composer) Apr 8, 2025
Shopware allows Denial Of Service via password length High
CVE-2025-30151 was published for shopware/core (Composer) Apr 8, 2025
bsmietana
Browsershot Server-Side Request Forgery (SSRF) via setURL() Function High
CVE-2025-3192 was published for spatie/browsershot (Composer) Apr 4, 2025
TYPO3 Reveals Sensitive Information via Direct Request to `misc/phpcheck/` High
CVE-2005-4875 was published for typo3/cms (Composer) May 1, 2022
Command injection in yiisoft/yii2-gii High
CVE-2020-36655 was published for yiisoft/yii2-gii (Composer) Jan 21, 2023
Yeswiki Path Traversal vulnerability allows arbitrary read of files High
CVE-2025-31131 was published for yeswiki/yeswiki (Composer) Apr 1, 2025
masquerad3r
XXE in SabreDAV High
CVE-2014-2055 was published for sabre/dav (Composer) May 17, 2022
Symfony vulnerable to command execution hijack on Windows with Process class High
CVE-2024-51736 was published for symfony/process (Composer) Nov 6, 2024
nicolas-grekas haqpl
paulblei
TastyIgniter Has an Incorrect Access Control Vulnerability via `invoice()` Function High
CVE-2024-44313 was published for tastyigniter/tastyigniter (Composer) Mar 18, 2025
Snipe-IT remote code execution High
CVE-2024-48987 was published for snipe/snipe-it (Composer) Oct 11, 2024
SameSite Attribute vulnerability in pimCore High
CVE-2023-25240 was published for pimcore/pimcore (Composer) Feb 13, 2023
Unsafe Reflection in base Component class in yiisoft/yii2 High
CVE-2024-4990 was published for yiisoft/yii2 (Composer) Jun 2, 2024
zonia3000 mtangoo
iBotPeaches rob006
Adobe Commerce Path Traversal High
CVE-2025-24406 was published for magento/community-edition (Composer) Feb 11, 2025
Adobe Commerce Improper Authorization vulnerability High
CVE-2025-24409 was published for magento/community-edition (Composer) Feb 11, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database