Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

149 advisories

Loading
Moodle arbitrary file read vulnerability Moderate
CVE-2023-28330 was published for moodle/moodle (Composer) Mar 23, 2023
Moodle Improper Input Validation vulnerability Moderate
CVE-2021-36402 was published for moodle/moodle (Composer) Mar 7, 2023
Shopware has Improper Input Validation issue in newsletter subscription Moderate
CVE-2023-22734 was published for shopware/core (Composer) Jan 20, 2023
Shopware vulnerable to Improper Input Validation of Clearance sale in cart Moderate
CVE-2023-22730 was published for shopware/core (Composer) Jan 17, 2023
JoshuaBehrens aragon999
Browsershot version 3.57.3 vulnerable to improper input validation Moderate
CVE-2022-43984 was published for spatie/browsershot (Composer) Nov 25, 2022
tdunlap607
Browsershot does not validate URL protocols passed to Browsershot URL method High
CVE-2022-41706 was published for spatie/browsershot (Composer) Nov 25, 2022
tdunlap607
Magento Improper input validation vulnerability High
CVE-2022-42344 was published for magento/community-edition (Composer) Oct 20, 2022
ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent Moderate
CVE-2022-36032 was published for react/http (Composer) Sep 16, 2022
lavish
Moodle PostScript Code Injection Critical
CVE-2022-35649 was published for moodle/moodle (Composer) Jul 26, 2022
Moodle Arbitrary file read when importing lesson questions High
CVE-2022-35650 was published for moodle/moodle (Composer) Jul 26, 2022
TYPO3 Image Processing susceptible to Code Execution High
CVE-2019-11832 was published for typo3/cms (Composer) May 24, 2022
ohader
Magento Improper input validation vulnerability Moderate
CVE-2021-28585 was published for magento/community-edition (Composer) May 24, 2022
EC-CUBE Improper input validation vulnerability High
CVE-2020-5680 was published for ec-cube/ec-cube (Composer) May 24, 2022
Moodle vulnerable to RCE High
CVE-2020-10738 was published for moodle/moodle (Composer) May 24, 2022
Froxlor Information Disclosure Moderate
CVE-2020-10236 was published for froxlor/froxlor (Composer) May 24, 2022
Froxlor arbitrary code execution via the database configuration options High
CVE-2020-10235 was published for froxlor/froxlor (Composer) May 24, 2022
Magento arbitrary PHP code execution via the productData parameter High
CVE-2015-6497 was published for magento/core (Composer) May 24, 2022
sr_freecap for Typo3 RCE Vulnerability Critical
CVE-2019-16699 was published for sjbr/sr-freecap (Composer) May 24, 2022
Magento 2 Community Edition Information Disclosure Moderate
CVE-2019-7898 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition Information Disclosure Moderate
CVE-2019-7899 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition RCE Vulnerability High
CVE-2019-7885 was published for magento/community-edition (Composer) May 24, 2022
Moodle Private files uploaded via incoming mail processing could bypass quota restrictions Moderate
CVE-2019-10134 was published for moodle/moodle (Composer) May 24, 2022
phpBB Denial of Service High
CVE-2019-9826 was published for phpbb/phpbb (Composer) May 24, 2022
CakePHP allows remote attackers to modify internal Cake cache and execute arbitrary code High
CVE-2010-4335 was published for cakephp/cakephp (Composer) May 17, 2022
ravage84
Typo3 API XSS Vulnerabilities Moderate
CVE-2012-1608 was published for typo3/cms (Composer) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database