GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
24 advisories
Filter by severity
openCart Server-Side Template Injection (SSTI) vulnerability
Moderate
CVE-2024-36694
was published
for
opencart/opencart
(Composer)
Jul 17, 2024
Ez Platform Object Injection in legacy shop module
Moderate
GHSA-39j2-4p9j-5w4j
was published
for
ezsystems/ezpublish-legacy
(Composer)
May 15, 2024
Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads
Moderate
GHSA-pqjm-xcp8-wgmm
was published
for
ezsystems/ezpublish-legacy
(Composer)
May 15, 2024
Dolibarr ERP CRM Code Injection vulnerability during installation
Moderate
CVE-2024-29477
was published
for
dolibarr/dolibarr
(Composer)
Apr 3, 2024
Cross-site Scripting in Moodle Chat
Moderate
CVE-2024-28593
was published
for
moodle/moodle
(Composer)
Mar 22, 2024
October CMS safe mode bypass using Page template injection
Moderate
CVE-2023-44381
was published
for
october/system
(Composer)
Nov 29, 2023
Moodle Code Injection vulnerability
Moderate
CVE-2023-5550
was published
for
moodle/moodle
(Composer)
Nov 9, 2023
Moodle Code Injection vulnerability
Moderate
CVE-2023-5539
was published
for
moodle/moodle
(Composer)
Nov 9, 2023
baserCMS Code Injection Vulnerability in Mail Form Feature
Moderate
CVE-2023-43792
was published
for
baserproject/basercms
(Composer)
Oct 26, 2023
LibreNMS Code Injection vulnerability
Moderate
CVE-2023-4977
was published
for
librenms/librenms
(Composer)
Sep 15, 2023
phpMyFAQ Code Injection vulnerability
Moderate
CVE-2023-1761
was published
for
thorsten/phpmyfaq
(Composer)
Mar 31, 2023
Code Injection in thorsten/phpmyfaq
Moderate
CVE-2023-0792
was published
for
thorsten/phpmyfaq
(Composer)
Feb 12, 2023
XML-RPC for PHP's `Wrapper::buildClientWrapperCode` method allows code injection via malicious `$client` argument
Moderate
GHSA-7vcx-v65q-9wpg
was published
for
phpxmlrpc/phpxmlrpc
(Composer)
Jan 11, 2023
Froxlor vulnerable to code injection
Moderate
CVE-2022-3869
was published
for
froxlor/froxlor
(Composer)
Nov 5, 2022
Froxlor vulnerable to Code Injection
Moderate
CVE-2022-3721
was published
for
froxlor/froxlor
(Composer)
Nov 4, 2022
Microweber vulnerable to HTML Injection in create tag functionality
Moderate
CVE-2022-3245
was published
for
microweber/microweber
(Composer)
Sep 21, 2022
WooCommerce WordPress plugin before 6.6.0 vulnerable to stored HTML injection
Moderate
CVE-2022-2099
was published
for
woocommerce/woocommerce
(Composer)
Jul 18, 2022
Symfony Vulnerable to PHP Eval Injection
Moderate
CVE-2015-2308
was published
for
symfony/http-kernel
(Composer)
May 17, 2022
phpMyAdmin remote variable manipulation
Moderate
CVE-2011-2505
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 14, 2022
Moodle remote code execution via quiz questions
Moderate
CVE-2014-3545
was published
for
moodle/moodle
(Composer)
May 13, 2022
Securimage HTML Injection
Moderate
CVE-2017-14077
was published
for
dapphp/securimage
(Composer)
May 13, 2022
Moodle Authenticated Spelling Binary Remote Code Execution
Moderate
CVE-2013-3630
was published
for
moodle/moodle
(Composer)
May 13, 2022
PHP file inclusion via insert tags
Moderate
CVE-2021-37626
was published
for
contao/contao
(Composer)
Aug 23, 2021
Object injection in cookie driver in phpfastcache
Moderate
CVE-2019-16774
was published
for
phpfastcache/phpfastcache
(Composer)
Dec 12, 2019
ProTip!
Advisories are also available from the
GraphQL API