Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,831
Maven
5,000+
npm
4,462
NuGet
775
pip
4,226
Pub
12
RubyGems
972
Rust
1,093
Swift
47
Unreviewed advisories
All unreviewed
5,000+

203 advisories

Loading
Server Side Template Injection (SSTI) High
CVE-2024-28118 was published for getgrav/grav (Composer) Mar 22, 2024
as3617 juckchang
Credited to as3617 and juckchang
Server Side Template Injection (SSTI) High
CVE-2024-28117 was published for getgrav/grav (Composer) Mar 22, 2024
as3617 juckchang
Credited to as3617 and juckchang
Remote code execution in php-heic-to-jpg High
CVE-2024-48514 was published for maestroerror/php-heic-to-jpg (Composer) Oct 24, 2024
openCart Server-Side Template Injection (SSTI) vulnerability Moderate
CVE-2024-36694 was published for opencart/opencart (Composer) Jul 17, 2024
UniSharp Laravel Filemanager Code Injection vulnerability High
CVE-2024-21546 was published for unisharp/laravel-filemanager (Composer) Dec 18, 2024
Laravel Pulse Allows Remote Code Execution via Unprotected Query Method High
CVE-2024-55661 was published for laravel/pulse (Composer) Dec 13, 2024
angelej
Credited to angelej
Withdrawn Advisory: Symfony's VarDumper vulnerable to unsafe deserialization High
CVE-2024-36610 was published for symfony/var-dumper (Composer) Nov 29, 2024 withdrawn
jderusse
Credited to jderusse
Moodle Remote Code Execution vulnerability High
CVE-2024-43425 was published for moodle/moodle (Composer) Nov 7, 2024
Cross-site Scripting in Moodle Chat Moderate
CVE-2024-28593 was published for moodle/moodle (Composer) Mar 22, 2024
Dolibarr allows a remote privileged attacker to execute arbitrary code via a crafted command/script High
CVE-2023-38886 was published for dolibarr/dolibarr (Composer) Sep 20, 2023
WWBN AVideo Remote Code Execution Critical
CVE-2024-31819 was published for wwbn/avideo (Composer) Apr 10, 2024
Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag High
CVE-2024-42355 was published for shopware/core (Composer) Aug 8, 2024
Creastery
Credited to Creastery
Shopware vulnerable to Server Side Template Injection in Twig using Context functions High
CVE-2024-42356 was published for shopware/core (Composer) Aug 8, 2024
Creastery
Credited to Creastery
Dolibarr arbitrary file upload vulnerability High
CVE-2024-37821 was published for dolibarr/dolibarr (Composer) Jun 18, 2024
Privilege Escalation & SQL Injection in TYPO3 CMS High
GHSA-7qwg-fcpw-xg5g was published for typo3/cms (Composer) Jun 5, 2024
TYPO3 Remote Code Execution in third party library swiftmailer High
GHSA-g4pf-3jvq-2gcw was published for typo3/cms (Composer) Jun 5, 2024
Arbitrary Code Execution in TYPO3 CMS Critical
GHSA-67wg-6j7r-mqh8 was published for typo3/cms (Composer) Jun 5, 2024
Symfony Cross-Site Request Forgery vulnerability in the Web Profiler High
CVE-2014-6072 was published for symfony/symfony (Composer) May 30, 2024
Code injection in the way Symfony implements translation caching in FrameworkBundle High
CVE-2014-4931 was published for symfony/framework-bundle (Composer) May 30, 2024
Laravel RCE vulnerability in "cookie" session driver Critical
GHSA-2ffv-r4r9-r8xr was published for illuminate/cookie (Composer) May 15, 2024
Ez Platform Object Injection in legacy shop module Moderate
GHSA-39j2-4p9j-5w4j was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
EZsystems Remote code execution in file uploads High
GHSA-9895-26wr-4fgv was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads Moderate
GHSA-pqjm-xcp8-wgmm was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
eZ Platform Object Injection in SiteAccessMatchListener High
GHSA-64vj-933f-6pm3 was published for ezsystems/ezpublish-kernel (Composer) May 15, 2024
eZ Publish Remote code execution in file uploads High
GHSA-3vwr-jj4f-h98x was published for ezsystems/ezpublish-kernel (Composer) May 15, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database