GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,651
Maven
5,000+
npm
4,279
NuGet
760
pip
4,066
Pub
12
RubyGems
957
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+
530 advisories
Filter by severity
BEdita vulnerable to SQL injection
Critical
CVE-2019-15570
was published
for
bedita/bedita
(Composer)
May 24, 2022
Codiad remote code execution vulnerability
Critical
CVE-2018-14009
was published
for
codiad/codiad
(Composer)
May 13, 2022
Codiad Vulnerable to Shell Command Injection
Critical
CVE-2017-11366
was published
for
codiad/codiad
(Composer)
May 13, 2022
Symfony Authentication Bypass
Critical
CVE-2018-11407
was published
for
symfony/security
(Composer)
May 14, 2022
Subrion CMS PHP Object Injection
Critical
CVE-2017-5543
was published
for
intelliants/subrion
(Composer)
May 14, 2022
bbPress unauthenticated privilege-escalation
Critical
CVE-2020-13693
was published
for
bbpress/bbpress
(Composer)
May 24, 2022
SimpleSAMLphp Use of insecure connection charset (sqlauth module)
Critical
CVE-2018-6521
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 13, 2022
Akeneo PIM vulnerable to shell injection in the mass edition
Critical
CVE-2017-1000009
was published
for
akeneo/pim-community-dev
(Composer)
May 13, 2022
GeniXCMS Arbitrary User Password Reset Vulnerability
Critical
CVE-2017-8827
was published
for
genix/cms
(Composer)
May 17, 2022
Froxlor SQL injection vulnerability
Critical
CVE-2021-42325
was published
for
froxlor/froxlor
(Composer)
May 24, 2022
Froxlor guessable password reset token
Critical
CVE-2016-5100
was published
for
froxlor/froxlor
(Composer)
May 17, 2022
Fat-Free Framework arbitrary code execution
Critical
CVE-2020-5203
was published
for
bcosca/fatfree
(Composer)
May 24, 2022
SimpleSAMLphp SAML2 spoof SAML responses
Critical
CVE-2016-9814
was published
for
simplesamlphp/saml2
(Composer)
May 14, 2022
eZ Publish Kernel and Legacy Unrestricted Upload of File with Dangerous Type
Critical
CVE-2020-10806
was published
for
ezsystems/ezpublish-kernel
(Composer)
May 24, 2022
silverstripe restfulserver and registry modules SQL injection vulnerability
Critical
CVE-2019-12149
was published
for
silverstripe/registry
(Composer)
May 24, 2022
PHPECC vulnerable to multiple cryptographic side-channel attacks
Critical
GHSA-346h-749j-r28w
was published
for
mdanter/ecc
(Composer)
Apr 25, 2024
ThinkPHP5 SQL Injection vulnerability
Critical
CVE-2021-44350
was published
for
topthink/framework
(Composer)
Dec 17, 2021
ThinkPHP SQL injection vulnerability
Critical
CVE-2018-17566
was published
for
topthink/framework
(Composer)
May 14, 2022
thinkphp SQL Injection via the index.php s parameter
Critical
CVE-2018-10225
was published
for
topthink/framework
(Composer)
May 14, 2022
Smarty PHP code injection
Critical
CVE-2017-1000480
was published
for
smarty/smarty
(Composer)
May 14, 2022
ThinkAdmin Administrator cookies still working after password change
Critical
CVE-2019-11018
was published
for
zoujingli/thinkadmin
(Composer)
May 13, 2022
FineUploader php-traditional-server unauthenticated arbitrary file upload vulnerability
Critical
CVE-2018-9209
was published
for
fineuploader/php-traditional-server
(Composer)
May 14, 2022
TeamPass Storing Passwords in a Recoverable Format vulnerability
Critical
CVE-2019-1000001
was published
for
nilsteampassnet/teampass
(Composer)
May 13, 2022
TeamPass SQL injection in users.queries.php
Critical
CVE-2017-9436
was published
for
nilsteampassnet/teampass
(Composer)
May 17, 2022
LibreNMS arbitrary OS commands execution
Critical
CVE-2018-20434
was published
for
librenms/librenms
(Composer)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API