GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
190 advisories
PHP Code Injection by malicious function name in smarty
Critical
CVE-2021-26120
was published
for
smarty/smarty
(Composer)
Feb 26, 2021
Moodle vulnerable to PHP object injection attacks
High
CVE-2014-3541
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle XML import of ddwtos could lead to intentional remote code execution
High
CVE-2018-14630
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle remote code execution via quiz questions
Moderate
CVE-2014-3545
was published
for
moodle/moodle
(Composer)
May 13, 2022
Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial
High
CVE-2021-29472
was published
for
composer/composer
(Composer)
Apr 29, 2021
Remote CLI Command Execution Vulnerability in CodeIgniter4
Critical
CVE-2022-24711
was published
for
codeigniter4/framework
(Composer)
Mar 1, 2022
Missing input validation can lead to command execution in composer
High
CVE-2022-24828
was published
for
composer/composer
(Composer)
Apr 22, 2022
Craft CMS Remote Code Execution vulnerability
Critical
CVE-2023-41892
was published
for
craftcms/cms
(Composer)
Sep 13, 2023
October CMS safe mode bypass using Twig sandbox escape
Critical
CVE-2023-44382
was published
for
october/system
(Composer)
Nov 29, 2023
October CMS safe mode bypass using Page template injection
Moderate
CVE-2023-44381
was published
for
october/system
(Composer)
Nov 29, 2023
ProTip!
Advisories are also available from the
GraphQL API