Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,801
Erlang
36
GitHub Actions
29
Go
2,380
Maven
5,000+
npm
4,005
NuGet
720
pip
3,809
Pub
12
RubyGems
928
Rust
986
Swift
38
Unreviewed advisories
All unreviewed
5,000+

114 advisories

Loading
Code Injection in Bolt CMS High
CVE-2021-40219 was published for bolt/core (Composer) Apr 12, 2022
Server-side Template Injection in nystudio107/craft-seomatic High
CVE-2021-44618 was published for nystudio107/craft-seomatic (Composer) Mar 12, 2022
Static Code Injection in Microweber High
CVE-2022-0895 was published for microweber/microweber (Composer) Mar 11, 2022
Improper Neutralization of Special Elements Used in a Template Engine in microweber High
CVE-2022-0896 was published for microweber/microweber (Composer) Mar 10, 2022
Code injection in dolibarr/dolibarr High
CVE-2022-0819 was published for dolibarr/dolibarr (Composer) Mar 3, 2022
Code injection in Twig High
CVE-2022-23614 was published for twig/twig (Composer) Feb 10, 2022
Mustache remote code injection vulnerability High
CVE-2022-0323 was published for mustache/mustache (Composer) Jan 27, 2022
Code Injection in microweber High
CVE-2022-0282 was published for microweber/microweber (Composer) Jan 21, 2022
october/system arbitrary code execution High
CVE-2021-32650 was published for october/system (Composer) Jan 14, 2022
sushiwushi
October/System authenticated file write leads to remote code execution High
CVE-2021-32649 was published for october/system (Composer) Jan 14, 2022
cydave
Remote Code Execution vulnerability in PHPMailer 6.4.1 running on Windows High
CVE-2021-34551 was published for phpmailer/phpmailer (Composer) Jun 22, 2021
Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial High
CVE-2021-29472 was published for composer/composer (Composer) Apr 29, 2021
thomas-chauchefoin-sonarsource
Grav's Twig processing allowing dangerous PHP functions by default High
CVE-2021-29440 was published for getgrav/grav (Composer) Apr 16, 2021
thomas-chauchefoin-sonarsource
Potential Remote Code Execution vulnerability High
CVE-2020-15227 was published for nette/application (Composer) Oct 2, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database