GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
530 advisories
Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability
  Critical | CVE-2014-4172 was published for DotNetCasClient (Composer) | May 17, 2022

SQL injection in moodle
  Critical | CVE-2022-30599 was published for moodle/moodle (Composer) | May 19, 2022

Incorrect Calculation in moodle
  Critical | CVE-2022-30600 was published for moodle/moodle (Composer) | May 19, 2022

LibreNMS arbitrary OS commands execution
  Critical | CVE-2018-20434 was published for librenms/librenms (Composer) | May 24, 2022

Contao SQL injection in the backend and listing module
  Critical | CVE-2017-16558 was published for contao/contao (Composer) | May 24, 2022

PharStreamWrapper for Typo3 unsafe deserialization vulnerability
  Critical | CVE-2019-11830 was published for typo3/phar-stream-wrapper (Composer) | May 24, 2022

Symfony Incorrect Access Control
  Critical | CVE-2017-11365 was published for symfony/security (Composer) | May 24, 2022

phpMyAdmin SQL injection in Designer feature
  Critical | CVE-2019-11768 was published for phpmyadmin/phpmyadmin (Composer) | May 24, 2022

silverstripe restfulserver and registry modules SQL injection vulnerability
  Critical | CVE-2019-12149 was published for silverstripe/registry (Composer) | May 24, 2022

CodeIgniter Rest Server XXE Vulnerability
  Critical | CVE-2015-3907 was published for chriskacerguis/codeigniter-restserver (Composer) | May 24, 2022

Contao SQL injection in the file manager
  Critical | CVE-2019-11512 was published for contao/contao (Composer) | May 24, 2022

Wikimedia MediaWiki Incorrect Access Control vulnerability
  Critical | CVE-2019-12468 was published for mediawiki/core (Composer) | May 24, 2022

Spoon Library as used in Fork CMS allows PHP object injection
  Critical | CVE-2019-15521 was published for spoon/library (Composer) | May 24, 2022

BEdita vulnerable to SQL injection
  Critical | CVE-2019-15570 was published for bedita/bedita (Composer) | May 24, 2022

LibreNMS Information Disclosure
  Critical | CVE-2019-10665 was published for librenms/librenms (Composer) | May 24, 2022

Centreon Privilege Escalation
  Critical | CVE-2018-21025 was published for centreon/centreon (Composer) | May 24, 2022

slub_events for Typo3 Arbitrary File Upload
  Critical | CVE-2019-16700 was published for slub/slub-events (Composer) | May 24, 2022

sr_freecap for Typo3 RCE Vulnerability
  Critical | CVE-2019-16699 was published for sjbr/sr-freecap (Composer) | May 24, 2022

Yii SQL injection vulnerability
  Critical | CVE-2018-7269 was published for yiisoft/yii2-dev (Composer) | May 24, 2022

Craft CMS possibility of brute force attempts
  Critical | CVE-2019-15929 was published for craftcms/cms (Composer) | May 24, 2022

Zend Framework Allows SQL Injection
  Critical | CVE-2015-0270 was published for zendframework/zend-db (Composer) | May 24, 2022

Magento 2 Community Edition Insecure Component
  Critical | CVE-2019-8136 was published for magento/community-edition (Composer) | May 24, 2022

Magento 2 Community Edition RCE Vulnerability
  Critical | CVE-2019-8144 was published for magento/community-edition (Composer) | May 24, 2022

Magento 2 Community Edition XML Injection
  Critical | CVE-2019-8158 was published for magento/community-edition (Composer) | May 24, 2022

Pimcore Access Control Issues
  Critical | CVE-2019-18981 was published for pimcore/pimcore (Composer) | May 24, 2022

ProTip! Advisories are also available from the GraphQL API.