Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,476
Erlang
33
GitHub Actions
24
Go
2,203
Maven
5,000+
npm
3,857
NuGet
696
pip
3,639
Pub
12
RubyGems
912
Rust
913
Swift
38
Unreviewed advisories
All unreviewed
5,000+

104 advisories

Loading
PHP Code Injection by malicious block or filename in Smarty High
CVE-2022-29221 was published for smarty/smarty (Composer) May 25, 2022
altm4n
Code injection in Elefant CMS High
CVE-2017-20064 was published for elefant/cms (Composer) Jun 21, 2022
Code injection in grav High
CVE-2022-2073 was published for getgrav/grav (Composer) Jun 30, 2022
PHPMailer vulnerable to email header injection High
CVE-2012-0796 was published for phpmailer/phpmailer (Composer) Oct 6, 2022
October CMS Safe Mode bypass leads to authenticated Remote Code Execution High
CVE-2022-35944 was published for october/system (Composer) Oct 13, 2022
cydave daftspunk
Akeneo PIM Community Edition vulnerable to remote php code execution High
CVE-2022-46157 was published for akeneo/pim-community-dev (Composer) Dec 9, 2022
TYPO3 CMS vulnerable to Arbitrary Code Execution via Form Framework High
CVE-2022-23503 was published for typo3/cms (Composer) Dec 13, 2022
Command injection in yiisoft/yii2-gii High
CVE-2020-36655 was published for yiisoft/yii2-gii (Composer) Jan 21, 2023
froxlor is vulnerable to privilege escalation from customer to root via directory-options High
CVE-2023-0671 was published for froxlor/froxlor (Composer) Feb 4, 2023
Code Injection in froxlor/froxlor High
CVE-2023-0877 was published for froxlor/froxlor (Composer) Feb 17, 2023
Code Injection in alextselegidis/easyappointments High
CVE-2023-1367 was published for alextselegidis/easyappointments (Composer) Mar 13, 2023
Improper Control of Generation of Code in Twig rendered views High
CVE-2023-2017 was published for shopware/core (Composer) Apr 18, 2023
Creastery
teampass vulnerable to code injection High
CVE-2023-2591 was published for nilsteampassnet/teampass (Composer) May 9, 2023
CraftCMS allows remote attacker to execute arbitrary code via crafted script to Section parameter High
CVE-2023-30130 was published for craftcms/cms (Composer) May 12, 2023
Code injection in nilsteampassnet/teampass High
CVE-2023-2859 was published for nilsteampassnet/teampass (Composer) May 24, 2023
Withdrawn Advisory: CraftCMS Server-Side Template Injection vulnerability High
CVE-2023-30179 was published for craftcms/cms (Composer) Jun 13, 2023 withdrawn
angrybrad
Grav Server-side Template Injection (SSTI) via Twig Default Filters High
CVE-2023-34252 was published for getgrav/grav (Composer) Jun 16, 2023
jacobsoo
Grav Server-side Template Injection (SSTI) via Denylist Bypass Vulnerability High
CVE-2023-34253 was published for getgrav/grav (Composer) Jun 16, 2023
jacobsoo
Command injection in pagekit High
CVE-2023-41005 was published for pagekit/pagekit (Composer) Aug 29, 2023
Dolibarr allows a remote privileged attacker to execute arbitrary code via a crafted command/script High
CVE-2023-38886 was published for dolibarr/dolibarr (Composer) Sep 20, 2023
Economizzer host header injection vulnerability High
CVE-2023-38877 was published for gugoan/economizzer (Composer) Sep 28, 2023
Subrion remote command execution vulnerability High
CVE-2023-46947 was published for intelliants/subrion (Composer) Nov 3, 2023
Moodle Code Injection vulnerability High
CVE-2023-5540 was published for moodle/moodle (Composer) Nov 9, 2023
Statamic CMS vulnerable to remote code execution via form uploads High
CVE-2023-48217 was published for statamic/cms (Composer) Nov 14, 2023
ahinkle
Arbitrary Code Execution in Processwire High
CVE-2023-24676 was published for processwire/processwire (Composer) Jan 24, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database