Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

24 advisories

Loading
openCart Server-Side Template Injection (SSTI) vulnerability Moderate
CVE-2024-36694 was published for opencart/opencart (Composer) Jul 17, 2024
Ez Platform Object Injection in legacy shop module Moderate
GHSA-39j2-4p9j-5w4j was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads Moderate
GHSA-pqjm-xcp8-wgmm was published for ezsystems/ezpublish-legacy (Composer) May 15, 2024
Dolibarr ERP CRM Code Injection vulnerability during installation Moderate
CVE-2024-29477 was published for dolibarr/dolibarr (Composer) Apr 3, 2024
Cross-site Scripting in Moodle Chat Moderate
CVE-2024-28593 was published for moodle/moodle (Composer) Mar 22, 2024
October CMS safe mode bypass using Page template injection Moderate
CVE-2023-44381 was published for october/system (Composer) Nov 29, 2023
whatev3n
Moodle Code Injection vulnerability Moderate
CVE-2023-5550 was published for moodle/moodle (Composer) Nov 9, 2023
Moodle Code Injection vulnerability Moderate
CVE-2023-5539 was published for moodle/moodle (Composer) Nov 9, 2023
baserCMS Code Injection Vulnerability in Mail Form Feature Moderate
CVE-2023-43792 was published for baserproject/basercms (Composer) Oct 26, 2023
LibreNMS Code Injection vulnerability Moderate
CVE-2023-4977 was published for librenms/librenms (Composer) Sep 15, 2023
phpMyFAQ Code Injection vulnerability Moderate
CVE-2023-1761 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
aruneko
Code Injection in thorsten/phpmyfaq Moderate
CVE-2023-0792 was published for thorsten/phpmyfaq (Composer) Feb 12, 2023
XML-RPC for PHP's `Wrapper::buildClientWrapperCode` method allows code injection via malicious `$client` argument Moderate
GHSA-7vcx-v65q-9wpg was published for phpxmlrpc/phpxmlrpc (Composer) Jan 11, 2023
TatianaGarcia94
Froxlor vulnerable to code injection Moderate
CVE-2022-3869 was published for froxlor/froxlor (Composer) Nov 5, 2022
Froxlor vulnerable to Code Injection Moderate
CVE-2022-3721 was published for froxlor/froxlor (Composer) Nov 4, 2022
Microweber vulnerable to HTML Injection in create tag functionality Moderate
CVE-2022-3245 was published for microweber/microweber (Composer) Sep 21, 2022
WooCommerce WordPress plugin before 6.6.0 vulnerable to stored HTML injection Moderate
CVE-2022-2099 was published for woocommerce/woocommerce (Composer) Jul 18, 2022
Symfony Vulnerable to PHP Eval Injection Moderate
CVE-2015-2308 was published for symfony/http-kernel (Composer) May 17, 2022
phpMyAdmin remote variable manipulation Moderate
CVE-2011-2505 was published for phpmyadmin/phpmyadmin (Composer) May 14, 2022
Moodle remote code execution via quiz questions Moderate
CVE-2014-3545 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
Securimage HTML Injection Moderate
CVE-2017-14077 was published for dapphp/securimage (Composer) May 13, 2022
Moodle Authenticated Spelling Binary Remote Code Execution Moderate
CVE-2013-3630 was published for moodle/moodle (Composer) May 13, 2022
PHP file inclusion via insert tags Moderate
CVE-2021-37626 was published for contao/contao (Composer) Aug 23, 2021
ausi
Object injection in cookie driver in phpfastcache Moderate
CVE-2019-16774 was published for phpfastcache/phpfastcache (Composer) Dec 12, 2019
Geolim4
ProTip! Advisories are also available from the GraphQL API