Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,651
Maven
5,000+
npm
4,279
NuGet
760
pip
4,066
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

530 advisories

Loading
Laravel Framework Deserialization Vulnerability Critical
CVE-2019-9081 was published for laravel/framework (Composer) May 14, 2022
October CMS File Upload Vulnerability Critical
CVE-2017-1000194 was published for october/october (Composer) May 13, 2022
daftspunk
Credited to daftspunk
Centreon Privilege Escalation Critical
CVE-2018-21025 was published for centreon/centreon (Composer) May 24, 2022
Anchor CMS Logs Credentials Critical
CVE-2018-7251 was published for anchorcms/anchor-cms (Composer) May 13, 2022
Object state limitation has no effect Critical
GHSA-5x4f-7xgq-r42x was published for ezsystems/ezpublish-kernel (Composer) Apr 29, 2022
tdunlap607
Credited to tdunlap607
Bacula-web SQL Injection Vulnerabilities Critical
CVE-2017-15367 was published for bacula-web/bacula-web (Composer) May 14, 2022
PaginationServiceProvider SQL Injection vulnerability Critical
CVE-2014-125029 was published for ttskch/pagination-service-provider (Composer) Jan 8, 2023
DBRisinajumi d2files SQL Injection vulnerability Critical
CVE-2015-10018 was published for dbrisinajumi/d2files (Composer) Jan 6, 2023
kelvinmo simplexrd vulnerable to Improper Restriction of XML External Entity Reference Critical
CVE-2015-10029 was published for kelvinmo/simplexrd (Composer) Jan 7, 2023
tinymighty WikiSEO is vulnerable to cross-site scripting via modifyHTML function Critical
CVE-2015-10073 was published for tinymighty/wiki-seo (Composer) Feb 6, 2023
SQL injection in webbuilders-group silverstripe-kapost-bridge Critical
CVE-2015-10077 was published for webbuilders-group/silverstripe-kapost-bridge (Composer) Feb 10, 2023
SQL Injection in liftkit/database Critical
CVE-2016-15020 was published for liftkit/database (Composer) Jan 16, 2023
WebPA SQL Injection vulnerability Critical
CVE-2021-4308 was published for webpa/webpa (Composer) Jan 8, 2023
nterchange Code Injection vulnerability Critical
CVE-2015-10009 was published for nonfiction/nterchange (Composer) Jan 2, 2023
Zend Framework Allows SQL Injection Critical
CVE-2016-4861 was published for zendframework/zendframework (Composer) May 14, 2022
phpMyAdmin CSRF Vulnerability Critical
CVE-2016-9866 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Json response for search reveals Solr credentials Critical
GHSA-v6xp-ccvx-w52m was published for ibexa/solr (Composer) Nov 3, 2023
Json response for search reveals Solr credentials Critical
GHSA-7crc-r3wg-cfgf was published for ezsystems/ezplatform-solr-search-engine (Composer) Nov 3, 2023
Cross Site Scripting vulnerability in Dolibarr ERP CRM Critical
CVE-2023-38888 was published for dolibarr/dolibarr (Composer) Sep 20, 2023
Cachet vulnerable to Authenticated Remote Code Execution Critical
CVE-2023-43661 was published for cachethq/cachet (Composer) Oct 16, 2023
rive-n
Credited to rive-n
Grav Server Side Template Injection (SSTI) vulnerability Critical
CVE-2023-34251 was published for getgrav/grav (Composer) Jun 16, 2023
scgajge12
Credited to scgajge12
Froxlor vulnerable to Improper Restriction of Excessive Authentication Attempts Critical
CVE-2023-3173 was published for froxlor/froxlor (Composer) Jun 9, 2023
Snappy PHAR deserialization vulnerability Critical
CVE-2023-41330 was published for knplabs/knp-snappy (Composer) Sep 8, 2023
phpMyFAQ Cross-site Scripting vulnerability Critical
CVE-2023-5320 was published for thorsten/phpmyfaq (Composer) Sep 30, 2023
phpMyFAQ Cross-site Scripting vulnerability Critical
CVE-2023-5316 was published for thorsten/phpmyfaq (Composer) Sep 30, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database