Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

516 advisories

Loading
Dolibarr SQL injection via the integer parameters qty and value_unit Critical
CVE-2018-16809 was published for dolibarr/dolibarr (Composer) May 14, 2022
Dolibarr remote PHP code execution Critical
CVE-2021-33816 was published for dolibarr/dolibarr (Composer) May 24, 2022
yii2-redis Potential Remote code execution Critical
CVE-2018-8073 was published for yiisoft/yii2-redis (Composer) May 14, 2022
phpMyAdmin Improper Privilege Management Critical
CVE-2017-18264 was published for phpmyadmin/phpmyadmin (Composer) May 13, 2022
phpMyAdmin SQL injection in Designer feature Critical
CVE-2019-6798 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
qcubed PHP object injection Critical
CVE-2020-24914 was published for qcubed/qcubed (Composer) May 24, 2022
qcubed SQL injection vulnerability in profile.php via the strQuery parameter Critical
CVE-2020-24913 was published for qcubed/qcubed (Composer) May 24, 2022
Knock Knock plugin IP Whitelist bypass via an X-Forwarded-For HTTP header Critical
CVE-2020-13485 was published for verbb/knock-knock (Composer) May 24, 2022
phpMyAdmin unsanitized Git information Critical
CVE-2019-19617 was published for phpmyadmin/phpmyadmin (Composer) May 24, 2022
Moodle command execution vulnerability exists in the default legacy spellchecker plugin Critical
CVE-2021-21809 was published for moodle/moodle (Composer) May 24, 2022
phpMyAdmin SQL injection in Designer feature Critical
CVE-2019-11768 was published for phpmyadmin/phpmyadmin (Composer) May 24, 2022
phpMyAdmin SQL injection vulnerability Critical
CVE-2020-26935 was published for phpmyadmin/phpmyadmin (Composer) May 24, 2022
Moodle Minor SQL injection risk in admin user browsing Critical
CVE-2022-40315 was published for moodle/moodle (Composer) Oct 1, 2022
Moodle remote code execution Critical
CVE-2022-40314 was published for moodle/moodle (Composer) Oct 1, 2022
Moodle SQL injection via user preferences Critical
CVE-2017-2641 was published for moodle/moodle (Composer) May 17, 2022
Moodle Blind SSRF Risk in /badges/mybackpack.php Critical
CVE-2019-3809 was published for moodle/moodle (Composer) May 13, 2022
Moodle PostScript Code Injection Critical
CVE-2022-35649 was published for moodle/moodle (Composer) Jul 26, 2022
zend-mail remote code execution via Sendmail adapter Critical
CVE-2016-10034 was published for zendframework/zend-mail (Composer) May 14, 2022
Zend Framework SQL injection vector using null byte for PDO Critical
CVE-2015-7695 was published for zendframework/zendframework1 (Composer) May 17, 2022
Mautic stored Cross-site Scripting (XSS) Critical
CVE-2020-35128 was published for mautic/core (Composer) May 24, 2022
Elefant CMS PHP Code Execution Vulnerability Critical
CVE-2018-16975 was published for elefant/cms (Composer) May 13, 2022
PHPOffice Common Improper Restriction of XML External Entity Reference Critical
CVE-2018-14065 was published for phpoffice/common (Composer) May 14, 2022
phpWhois arbitrary code execution via a crafted whois record Critical
CVE-2015-5243 was published for brightlocal/phpwhois (Composer) May 14, 2022
Zend Framework SQL injection vulnerability Critical
CVE-2014-8089 was published for zendframework/zend-db (Composer) Apr 23, 2024
Drupal Core Remote Code Execution Vulnerability Critical
CVE-2018-7600 was published for drupal/core (Composer) May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database