Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,291 advisories

Loading
Insufficient output escaping of attachment names in PHPMailer High
CVE-2020-13625 was published for phpmailer/phpmailer (Composer) May 27, 2020
Cross-site scripting from content entered in the tags and multiselect fields High
GHSA-rv3r-vqjj-8c76 was published for getkirby/cms (Composer) Aug 30, 2022
mezzio-swoole Applications Using Diactoros Vulnerable to HTTP Host Header Attack High
GHSA-c8rp-cgf4-937w was published for mezzio/mezzio-swoole (Composer) Jul 29, 2022
Potential XSS injection In PrestaShop contactform High
CVE-2020-15178 was published for prestashop/contactform (Composer) Sep 15, 2020
Improperly checked IDs on itemstacks received from the client leading to server crash in PocketMine-MP High
GHSA-fqx3-r75h-vc89 was published for pocketmine/pocketmine-mp (Composer) Jun 7, 2022
Insufficient type validation in pocketmine/pocketmine-mp High
GHSA-g5rr-p69h-7v3g was published for pocketmine/pocketmine-mp (Composer) Apr 22, 2022
kurt-r2c
Buffer length underflow in LoginPacket causing unchecked exceptions to be thrown High
GHSA-5jfw-35xp-5m42 was published for pocketmine/bedrock-protocol (Composer) Apr 5, 2022
Automatic named constructor discovery in Valinor High
GHSA-xhr8-mpwq-2rr2 was published for cuyz/valinor (Composer) Apr 1, 2022
Ocramius
Arbitrary shell execution High
GHSA-mhfv-8rc9-w38c was published for squizlabs/php_codesniffer (Composer) Mar 26, 2022
Arbitrary shell execution High
GHSA-3988-h75v-hwf6 was published for squizlabs/php_codesniffer (Composer) Mar 26, 2022
Improperly checked metadata on tools/armour itemstacks received from the client High
GHSA-46c5-pfj8-fv65 was published for pocketmine/pocketmine-mp (Composer) Mar 18, 2022
JavierLeon9966
Possible SQL injection in tablelookupwizard Contao Extension High
GHSA-v3mr-gp7j-pw5w was published for terminal42/contao-tablelookupwizard (Composer) Feb 10, 2022
Unhandled exception when decoding form response JSON High
GHSA-wjfq-88q2-r34j was published for pocketmine/pocketmine-mp (Composer) Jan 21, 2022
IBX-1392: Image filenames sanitization High
GHSA-44m4-9cjp-j587 was published for ezsystems/ezpublish-kernel (Composer) Jan 21, 2022
Unchecked validity of Facing values in PlayerActionPacket High
GHSA-xh99-hw7h-wf63 was published for pocketmine/pocketmine-mp (Composer) Jan 13, 2022
Uncapped length of skin data fields submitted by players High
GHSA-c6fg-99pr-25m9 was published for pocketmine/pocketmine-mp (Composer) Jan 6, 2022
PocketMine-MP has improperly handled dye colour IDs in banner NBT, leading to server crash High
GHSA-wqqv-jcfr-9f5g was published for pocketmine/pocketmine-mp (Composer) Jan 9, 2023
CSV injection in Craft CMS High
GHSA-xrpj-f9v6-2332 was published for craftcms/cms (Composer) Oct 4, 2021 withdrawn
Private files publicly accessible with Cloud Storage providers High
GHSA-vrf2-xghr-j52v was published for shopware/core (Composer) Jun 28, 2021
Any storage file can be downloaded from p.sh if full server path is known High
GHSA-gqcf-83rq-gpfr was published for ibexa/post-install (Composer) Sep 14, 2021
Any storage file can be downloaded from p.sh if full server path is known High
GHSA-2rh5-jvgx-pgw3 was published for ezsystems/ezplatform (Composer) Sep 14, 2021
Content object state fetch functions open to SQL injection High
GHSA-jpwx-ffjq-wr4w was published for ezsystems/ezpublish-legacy (Composer) Sep 7, 2021
User can obtain JWT token even if account is disabled High
GHSA-36mj-6r7r-mqhf was published for ezsystems/ezplatform-rest (Composer) Sep 29, 2021
/user/sessions endpoint allows detecting valid accounts High
GHSA-gmrf-99gw-vvwj was published for ezsystems/ezpublish-kernel (Composer) Mar 11, 2021
NaN/INF in serverbound movement packets can crash clients and servers High
GHSA-fm35-jgg3-3grx was published for pocketmine/pocketmine-mp (Composer) Mar 18, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database