GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,360
Erlang
33
GitHub Actions
22
Go
2,127
Maven
5,000+
npm
3,793
NuGet
683
pip
3,471
Pub
12
RubyGems
894
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+
172 advisories
Filter by severity
phpMyAdmin Remote Code Execution
High
CVE-2013-3239
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 17, 2022
Dolibarr ERP and CRM Code Injection
High
CVE-2019-11201
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
Moodle Authenticated Spelling Binary Remote Code Execution
Moderate
CVE-2013-3630
was published
for
moodle/moodle
(Composer)
May 13, 2022
Pimcore Vulnerable to PHP Object Injection Attacks
High
CVE-2014-2921
was published
for
pimcore/pimcore
(Composer)
May 17, 2022
MAGMI plugin for Magento Unsafe File Upload
High
CVE-2014-8770
was published
for
dweeves/magmi
(Composer)
May 14, 2022
Code Injection in microweber
High
CVE-2022-0282
was published
for
microweber/microweber
(Composer)
Jan 21, 2022
Authenticated RCE in Zen Cart 1.5.5e
High
CVE-2017-11675
was published
for
zencart/zencart
(Composer)
May 17, 2022
Code Injection in baserCMS
High
CVE-2017-10844
was published
for
baserproject/basercms
(Composer)
May 14, 2022
WooCommerce WordPress plugin before 6.6.0 vulnerable to stored HTML injection
Moderate
CVE-2022-2099
was published
for
woocommerce/woocommerce
(Composer)
Jul 18, 2022
Improper Control of Generation of Code in Twig rendered views
High
CVE-2023-2017
was published
for
shopware/core
(Composer)
Apr 18, 2023
phpMyFAQ Code Injection vulnerability
Moderate
CVE-2023-1761
was published
for
thorsten/phpmyfaq
(Composer)
Mar 31, 2023
Zenario CMS is vulnerable to Remote Code Execution (RCE).
Critical
CVE-2022-44136
was published
for
tribalsystems/zenario
(Composer)
Nov 30, 2022
Remote code execution in Funadmin
Critical
CVE-2023-24776
was published
for
funadmin/funadmin
(Composer)
Mar 6, 2023
Code Injection in alextselegidis/easyappointments
High
CVE-2023-1367
was published
for
alextselegidis/easyappointments
(Composer)
Mar 13, 2023
Code Injection in froxlor/froxlor
High
CVE-2023-0877
was published
for
froxlor/froxlor
(Composer)
Feb 17, 2023
Code Injection in thorsten/phpmyfaq
Moderate
CVE-2023-0792
was published
for
thorsten/phpmyfaq
(Composer)
Feb 12, 2023
Code Injection in thorsten/phpmyfaq
Critical
CVE-2023-0788
was published
for
thorsten/phpmyfaq
(Composer)
Feb 12, 2023
froxlor is vulnerable to privilege escalation from customer to root via directory-options
High
CVE-2023-0671
was published
for
froxlor/froxlor
(Composer)
Feb 4, 2023
Code injection in dolibarr/dolibarr
High
CVE-2022-0819
was published
for
dolibarr/dolibarr
(Composer)
Mar 3, 2022
Improper Neutralization of Special Elements Used in a Template Engine in microweber
High
CVE-2022-0896
was published
for
microweber/microweber
(Composer)
Mar 10, 2022
Froxlor vulnerable to Code Injection
Moderate
CVE-2022-3721
was published
for
froxlor/froxlor
(Composer)
Nov 4, 2022
Server Side Twig Template Injection
Critical
CVE-2022-21686
was published
for
prestashop/prestashop
(Composer)
Jan 27, 2022
Code injection in codiad
Critical
CVE-2019-19208
was published
for
codiad/codiad
(Composer)
Sep 1, 2021
Unauthenticated remote code execution in Ignition
Critical
CVE-2021-3129
was published
for
facade/ignition
(Composer)
Mar 29, 2021
Potential Code Injection in Sprout Forms
Critical
CVE-2020-11056
was published
for
barrelstrength/sprout-base-email
(Composer)
May 8, 2020
ProTip!
Advisories are also available from the
GraphQL API