GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,361
Erlang
33
GitHub Actions
22
Go
2,127
Maven
5,000+
npm
3,794
NuGet
685
pip
3,473
Pub
12
RubyGems
895
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+
172 advisories
Filter by severity
Smarty PHP code injection
Critical
CVE-2017-1000480
was published
for
smarty/smarty
(Composer)
May 14, 2022
Smarty arbitrary PHP code execution
High
CVE-2014-8350
was published
for
smarty/smarty
(Composer)
May 17, 2022
Dolibarr remote PHP code execution
Critical
CVE-2021-33816
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
yii2-redis Potential Remote code execution
Critical
CVE-2018-8073
was published
for
yiisoft/yii2-redis
(Composer)
May 14, 2022
Yii PHP Framework arbitrary PHP scripts execution
High
CVE-2014-4672
was published
for
yiisoft/yii
(Composer)
May 17, 2022
phpMyAdmin Remote code execution vulnerability when PHP is running with dbase extension
High
CVE-2016-6633
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 17, 2022
phpBB arbitrary CSS injection
High
CVE-2019-16108
was published
for
phpbb/phpbb
(Composer)
May 24, 2022
Moodle remote code execution
Critical
CVE-2022-40314
was published
for
moodle/moodle
(Composer)
Oct 1, 2022
Moodle Arbitrary PHP code execution by site admins via Shibboleth configuration
High
CVE-2021-20187
was published
for
moodle/moodle
(Composer)
May 24, 2022
Zeta Components Mail Arbitrary code execution via a crafted email address
High
CVE-2017-15806
was published
for
zetacomponents/mail
(Composer)
May 17, 2022
Elefant CMS PHP Code Execution Vulnerability
Critical
CVE-2018-16975
was published
for
elefant/cms
(Composer)
May 13, 2022
phpWhois arbitrary code execution via a crafted whois record
Critical
CVE-2015-5243
was published
for
brightlocal/phpwhois
(Composer)
May 14, 2022
Drupal arbitrary code execution
High
CVE-2016-3171
was published
for
drupal/core
(Composer)
May 17, 2022
Drupal PECL YAML parser unsafe object handling
Critical
CVE-2017-6920
was published
for
drupal/core
(Composer)
May 14, 2022
Securimage HTML Injection
Moderate
CVE-2017-14077
was published
for
dapphp/securimage
(Composer)
May 13, 2022
PHP file inclusion via insert tags
Moderate
CVE-2021-37626
was published
for
contao/contao
(Composer)
Aug 23, 2021
Moodle's Mustache pix helper contained a potential Mustache injection risk if combined with user input
Critical
CVE-2023-28333
was published
for
moodle/moodle
(Composer)
Mar 23, 2023
Code injection in REDAXO
High
CVE-2024-25298
was published
for
redaxo/source
(Composer)
Feb 17, 2024
Dolibarr ERP CRM Code Injection vulnerability during installation
Moderate
CVE-2024-29477
was published
for
dolibarr/dolibarr
(Composer)
Apr 3, 2024
Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass
High
CVE-2024-28116
was published
for
getgrav/grav
(Composer)
Mar 22, 2024
Withdrawn Advisory: CraftCMS Server-Side Template Injection vulnerability
High
CVE-2023-30179
was published
for
craftcms/cms
(Composer)
Jun 13, 2023
•
withdrawn
TYPO3 Image Processing susceptible to Code Execution
High
CVE-2019-11832
was published
for
typo3/cms
(Composer)
May 24, 2022
Magento 2 Community Edition RCE
High
CVE-2019-7942
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento 2 Community Edition Unsafe File Upload
High
CVE-2019-7871
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento 2 Community Edition RCE Vulnerability
High
CVE-2019-7903
was published
for
magento/community-edition
(Composer)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API