GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
172 advisories
Magento 2 Community Edition RCE Vulnerability
High | CVE-2019-7932 was published for magento/community-edition (Composer) | May 24, 2022

TYPO3 Backend Command Injection via Shell Metacharacters in Uploaded File Name
High | CVE-2009-3631 was published for typo3/cms-backend (Composer) | May 2, 2022

Arbitrary Code Execution in Processwire
High | CVE-2023-24676 was published for processwire/processwire (Composer) | Jan 24, 2024

Symfony Arbitrary PHP code Execution
High | CVE-2013-1397 was published for symfony/symfony (Composer) | May 17, 2022

PHP Code Injection by malicious function name in smarty
Critical | CVE-2021-26120 was published for smarty/smarty (Composer) | Feb 26, 2021

Mustache remote code injection vulnerability
High | CVE-2022-0323 was published for mustache/mustache (Composer) | Jan 27, 2022

Remote Code Execution vulnerability in PHPMailer 6.4.1 running on Windows
High | CVE-2021-34551 was published for phpmailer/phpmailer (Composer) | Jun 22, 2021

Potential Remote Code Execution vulnerability
High | CVE-2020-15227 was published for nette/application (Composer) | Oct 2, 2020

DOMPDF Remote Code Execution
High | CVE-2014-5013 was published for dompdf/dompdf (Composer) | May 17, 2022

Yii Framework Code Injection
High | CVE-2018-8074 was published for yiisoft/yii2-dev (Composer) | May 24, 2022

Moodle vulnerable to PHP object injection attacks
High | CVE-2014-3541 was published for moodle/moodle (Composer) | May 13, 2022

Symfony Unsafe Cache Serialization Could Enable RCE
Critical | CVE-2019-18889 was published for symfony/cache (Composer) | Dec 2, 2019

Moodle XML import of ddwtos could lead to intentional remote code execution
High | CVE-2018-14630 was published for moodle/moodle (Composer) | May 13, 2022

Moodle remote code execution via quiz questions
Moderate | CVE-2014-3545 was published for moodle/moodle (Composer) | May 13, 2022

Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial
High | CVE-2021-29472 was published for composer/composer (Composer) | Apr 29, 2021

Remote CLI Command Execution Vulnerability in CodeIgniter4
Critical | CVE-2022-24711 was published for codeigniter4/framework (Composer) | Mar 1, 2022

Missing input validation can lead to command execution in composer
High | CVE-2022-24828 was published for composer/composer (Composer) | Apr 22, 2022

phpMyAdmin remote variable manipulation
Moderate | CVE-2011-2505 was published for phpmyadmin/phpmyadmin (Composer) | May 14, 2022

phpMyAdmin vulnerable to static code injection
High | CVE-2011-2506 was published for phpmyadmin/phpmyadmin (Composer) | May 14, 2022

ImpressPages CMS RCE
Critical | CVE-2011-4943 was published for impresspages/impresspages (Composer) | Apr 22, 2022

Magento php object injection vulnerability
Critical | CVE-2020-9664 was published for magento/core (Composer) | May 24, 2022

Magento Remote code execution through catalog attribute sets
High | CVE-2019-8231 was published for magento/core (Composer) | May 24, 2022

Magento Remote code execution through support/output path modification
High | CVE-2019-8230 was published for magento/core (Composer) | May 24, 2022

Craft CMS Remote Code Execution vulnerability
Critical | CVE-2023-41892 was published for craftcms/cms (Composer) | Sep 13, 2023
ProTip! Advisories are also available from the GraphQL API