Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

172 advisories

Loading
Smarty PHP code injection Critical
CVE-2017-1000480 was published for smarty/smarty (Composer) May 14, 2022
Smarty arbitrary PHP code execution High
CVE-2014-8350 was published for smarty/smarty (Composer) May 17, 2022
Dolibarr remote PHP code execution Critical
CVE-2021-33816 was published for dolibarr/dolibarr (Composer) May 24, 2022
yii2-redis Potential Remote code execution Critical
CVE-2018-8073 was published for yiisoft/yii2-redis (Composer) May 14, 2022
Yii PHP Framework arbitrary PHP scripts execution High
CVE-2014-4672 was published for yiisoft/yii (Composer) May 17, 2022
phpMyAdmin Remote code execution vulnerability when PHP is running with dbase extension High
CVE-2016-6633 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
phpBB arbitrary CSS injection High
CVE-2019-16108 was published for phpbb/phpbb (Composer) May 24, 2022
Moodle remote code execution Critical
CVE-2022-40314 was published for moodle/moodle (Composer) Oct 1, 2022
Moodle Arbitrary PHP code execution by site admins via Shibboleth configuration High
CVE-2021-20187 was published for moodle/moodle (Composer) May 24, 2022
Zeta Components Mail Arbitrary code execution via a crafted email address High
CVE-2017-15806 was published for zetacomponents/mail (Composer) May 17, 2022
Elefant CMS PHP Code Execution Vulnerability Critical
CVE-2018-16975 was published for elefant/cms (Composer) May 13, 2022
phpWhois arbitrary code execution via a crafted whois record Critical
CVE-2015-5243 was published for brightlocal/phpwhois (Composer) May 14, 2022
Drupal arbitrary code execution High
CVE-2016-3171 was published for drupal/core (Composer) May 17, 2022
Drupal PECL YAML parser unsafe object handling Critical
CVE-2017-6920 was published for drupal/core (Composer) May 14, 2022
Securimage HTML Injection Moderate
CVE-2017-14077 was published for dapphp/securimage (Composer) May 13, 2022
PHP file inclusion via insert tags Moderate
CVE-2021-37626 was published for contao/contao (Composer) Aug 23, 2021
ausi
Moodle's Mustache pix helper contained a potential Mustache injection risk if combined with user input Critical
CVE-2023-28333 was published for moodle/moodle (Composer) Mar 23, 2023
Code injection in REDAXO High
CVE-2024-25298 was published for redaxo/source (Composer) Feb 17, 2024
Dolibarr ERP CRM Code Injection vulnerability during installation Moderate
CVE-2024-29477 was published for dolibarr/dolibarr (Composer) Apr 3, 2024
Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass High
CVE-2024-28116 was published for getgrav/grav (Composer) Mar 22, 2024
akabe1
Withdrawn Advisory: CraftCMS Server-Side Template Injection vulnerability High
CVE-2023-30179 was published for craftcms/cms (Composer) Jun 13, 2023 withdrawn
angrybrad
TYPO3 Image Processing susceptible to Code Execution High
CVE-2019-11832 was published for typo3/cms (Composer) May 24, 2022
ohader
Magento 2 Community Edition RCE High
CVE-2019-7942 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition Unsafe File Upload High
CVE-2019-7871 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition RCE Vulnerability High
CVE-2019-7903 was published for magento/community-edition (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API