GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,800
Erlang
36
GitHub Actions
29
Go
2,380
Maven
5,000+
npm
4,005
NuGet
720
pip
3,805
Pub
12
RubyGems
927
Rust
986
Swift
38
Unreviewed advisories
All unreviewed
5,000+
507 advisories
Filter by severity
Magento XPath Injection
Critical
CVE-2021-21025
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento OS Command Injection
Critical
CVE-2021-21018
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento OS command injection via the WebAPI
Critical
CVE-2021-21016
was published
for
magento/community-edition
(Composer)
May 24, 2022
Mautic stored Cross-site Scripting (XSS)
Critical
CVE-2020-35128
was published
for
mautic/core
(Composer)
May 24, 2022
ThinkAdmin insecure unserialize vulnerability
Critical
CVE-2020-23653
was published
for
zoujingli/thinkadmin
(Composer)
May 24, 2022
Magento 2 Community Edition RCE via Unsafe File Upload
Critical
CVE-2020-24407
was published
for
magento/community-edition
(Composer)
May 24, 2022
phpMyAdmin SQL injection vulnerability
Critical
CVE-2020-26935
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 24, 2022
Magento DOM-based Cross-site scripting vulnerability
Critical
CVE-2020-9691
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento php object injection vulnerability
Critical
CVE-2020-9664
was published
for
magento/core
(Composer)
May 24, 2022
Magento business logic error vulnerability
Critical
CVE-2020-9630
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento security mitigation bypass vulnerability
Critical
CVE-2020-9632
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento security mitigation bypass vulnerability
Critical
CVE-2020-9631
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento command injection vulnerability
Critical
CVE-2020-9582
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento command injection vulnerability
Critical
CVE-2020-9583
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento Defense-in-depth security mitigation vulnerability
Critical
CVE-2020-9585
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento Security mitigation bypass vulnerability
Critical
CVE-2020-9579
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento Security mitigation bypass vulnerability
Critical
CVE-2020-9580
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento command injection vulnerability
Critical
CVE-2020-9576
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento command injection vulnerability
Critical
CVE-2020-9578
was published
for
magento/community-edition
(Composer)
May 24, 2022
bbPress unauthenticated privilege-escalation
Critical
CVE-2020-13693
was published
for
bbpress/bbpress
(Composer)
May 24, 2022
Knock Knock plugin IP Whitelist bypass via an X-Forwarded-For HTTP header
Critical
CVE-2020-13485
was published
for
verbb/knock-knock
(Composer)
May 24, 2022
Moodle Oauth 2 Insufficiently Protects Against Compromise
Critical
CVE-2019-14880
was published
for
moodle/moodle
(Composer)
May 24, 2022
eZ Publish Kernel and Legacy Unrestricted Upload of File with Dangerous Type
Critical
CVE-2020-10806
was published
for
ezsystems/ezpublish-kernel
(Composer)
May 24, 2022
Dolibarr Cross-site Scripting via the qty parameter in product/fournisseurs.php
Critical
CVE-2019-19212
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
Fat-Free Framework arbitrary code execution
Critical
CVE-2020-5203
was published
for
bcosca/fatfree
(Composer)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API